]>
Commit | Line | Data |
---|---|---|
0efdf0fe | 1 | .. _installation: |
42fc5d26 | 2 | |
42fc5d26 | 3 | Installation |
717b4866 | 4 | ============ |
42fc5d26 QY |
5 | |
6 | .. index:: How to install FRR | |
42fc5d26 | 7 | .. index:: Installation |
42fc5d26 | 8 | .. index:: Installing FRR |
42fc5d26 | 9 | .. index:: Building the system |
42fc5d26 QY |
10 | .. index:: Making FRR |
11 | ||
717b4866 | 12 | This section covers the basics of building, installing and setting up FRR. |
44f2550e | 13 | |
717b4866 QY |
14 | From Packages |
15 | ------------- | |
44f2550e | 16 | |
717b4866 QY |
17 | The project publishes packages for Red Hat, Centos, Debian and Ubuntu on the |
18 | `GitHub releases <https://github.com/FRRouting/frr/releases>`_. page. External | |
19 | contributors offer packages for many other platforms including \*BSD, Alpine, | |
20 | Gentoo, Docker, and others. There is currently no documentation on how to use | |
21 | those but we hope to add it soon. | |
42fc5d26 | 22 | |
717b4866 QY |
23 | From Snapcraft |
24 | -------------- | |
42fc5d26 | 25 | |
717b4866 QY |
26 | In addition to traditional packages the project also builds and publishes |
27 | universal Snap images, available at https://snapcraft.io/frr. | |
44f2550e | 28 | |
717b4866 QY |
29 | From Source |
30 | ----------- | |
42fc5d26 | 31 | |
717b4866 QY |
32 | Building FRR from source is the best way to ensure you have the latest features |
33 | and bug fixes. Details for each supported platform, including dependency | |
34 | package listings, permissions, and other gotchas, are in the developer's | |
35 | documentation. This section provides a brief overview on the process. | |
42fc5d26 | 36 | |
717b4866 QY |
37 | Getting the Source |
38 | ^^^^^^^^^^^^^^^^^^ | |
42fc5d26 | 39 | |
717b4866 QY |
40 | FRR's source is available on the project |
41 | `GitHub page <https://github.com/FRRouting/frr>`_. | |
42fc5d26 | 42 | |
717b4866 | 43 | .. code-block:: shell |
42fc5d26 | 44 | |
717b4866 | 45 | git clone https://github.com/FRRouting/frr.git |
42fc5d26 | 46 | |
717b4866 QY |
47 | When building from Git there are several branches to choose from. The |
48 | ``master`` branch is the primary development branch. It should be considered | |
49 | unstable. Each release has its own branch named ``stable/X.X``, where ``X.X`` | |
50 | is the release version. | |
42fc5d26 | 51 | |
717b4866 QY |
52 | In addition, release tarballs are published on the GitHub releases page |
53 | `here <https://github.com/FRRouting/frr/releases>`_. | |
42fc5d26 | 54 | |
717b4866 QY |
55 | Configuration |
56 | ^^^^^^^^^^^^^ | |
42fc5d26 | 57 | |
717b4866 QY |
58 | .. index:: Configuration options |
59 | .. index:: Options for configuring | |
60 | .. index:: Build options | |
42fc5d26 | 61 | .. index:: Distribution configuration |
42fc5d26 QY |
62 | .. index:: Options to `./configure` |
63 | ||
717b4866 QY |
64 | FRR has an excellent configure script which automatically detects most host |
65 | configurations. There are several additional configure options to customize the | |
66 | build to include or exclude specific features and dependencies. | |
67 | ||
68 | First, update the build system. Change into your FRR source directory and issue: | |
69 | ||
70 | .. code-block:: shell | |
71 | ||
72 | ./bootstrap.sh | |
73 | ||
74 | This will install any missing build scripts and update the Autotools | |
75 | configuration. Once this is done you can move on to choosing your configuration | |
76 | options from the list below. | |
77 | ||
78 | .. _frr-configuration: | |
42fc5d26 | 79 | |
dc5564c7 | 80 | .. program:: configure |
42fc5d26 | 81 | |
7b5301f5 DS |
82 | .. option:: --enable-tcmalloc |
83 | ||
84 | Enable the alternate malloc library. In some cases this is faster and more efficient, | |
85 | in some cases it is not. | |
86 | ||
87 | .. option:: --disable-doc | |
88 | ||
89 | Do not build any documentation, including this one. | |
90 | ||
91 | .. option:: --enable-doc-html | |
92 | ||
93 | From the documentation build html docs as well in addition to the normal output. | |
94 | ||
dc5564c7 | 95 | .. option:: --disable-zebra |
42fc5d26 | 96 | |
7b5301f5 DS |
97 | Do not build zebra daemon. This generally only be useful in a scenario where |
98 | you are building bgp as a standalone server. | |
42fc5d26 | 99 | |
dc5564c7 | 100 | .. option:: --disable-ripd |
42fc5d26 | 101 | |
dc5564c7 | 102 | Do not build ripd. |
42fc5d26 | 103 | |
dc5564c7 | 104 | .. option:: --disable-ripngd |
42fc5d26 | 105 | |
dc5564c7 | 106 | Do not build ripngd. |
42fc5d26 | 107 | |
dc5564c7 | 108 | .. option:: --disable-ospfd |
42fc5d26 | 109 | |
dc5564c7 | 110 | Do not build ospfd. |
42fc5d26 | 111 | |
dc5564c7 | 112 | .. option:: --disable-ospf6d |
42fc5d26 | 113 | |
dc5564c7 | 114 | Do not build ospf6d. |
42fc5d26 | 115 | |
dc5564c7 | 116 | .. option:: --disable-bgpd |
42fc5d26 | 117 | |
dc5564c7 | 118 | Do not build bgpd. |
42fc5d26 | 119 | |
7b5301f5 DS |
120 | .. option:: --disable-ldpd |
121 | ||
122 | Do not build ldpd. | |
123 | ||
124 | .. option:: --disable-nhrpd | |
125 | ||
126 | Do not build nhrpd. | |
127 | ||
128 | .. option:: --disable-eigrpd | |
129 | ||
130 | Do not build eigrpd. | |
131 | ||
132 | .. option:: --disable-babeld | |
133 | ||
134 | Do not build babeld. | |
135 | ||
136 | .. option:: --disable-watchfrr | |
137 | ||
138 | Do not build watchfrr. Watchfrr is used to integrate daemons into startup/shutdown | |
139 | software available on your machine. This is needed for systemd integration, if you | |
140 | disable watchfrr you cannot have any systemd integration. | |
141 | ||
142 | .. option:: --enable-systemd | |
143 | ||
144 | Build watchfrr with systemd integration, this will allow FRR to communicate with | |
145 | systemd to tell systemd if FRR has come up properly. | |
146 | ||
c295c6ce DS |
147 | .. option:: --enable-werror |
148 | ||
149 | Build with all warnings converted to errors as a compile option. This | |
150 | is recommended for developers only. | |
151 | ||
7b5301f5 DS |
152 | .. option:: --disable-pimd |
153 | ||
154 | Turn off building of pimd. On some BSD platforms pimd will not build properly due | |
155 | to lack of kernel support. | |
156 | ||
85400b29 MS |
157 | .. option:: --disable-vrrpd |
158 | ||
159 | Turn off building of vrrpd. Linux is required for vrrpd support; | |
160 | other platforms are not supported. | |
161 | ||
7b5301f5 DS |
162 | .. option:: --disable-pbrd |
163 | ||
164 | Turn off building of pbrd. This daemon currently requires linux in order to function | |
165 | properly. | |
166 | ||
167 | .. option:: --enable-sharpd | |
168 | ||
169 | Turn on building of sharpd. This daemon facilitates testing of FRR and can also | |
170 | be used as a quick and easy route generator. | |
171 | ||
172 | .. option:: --disable-staticd | |
173 | ||
174 | Do not build staticd. This daemon is necessary if you want static routes. | |
175 | ||
c44032c1 RZ |
176 | .. option:: --disable-bfdd |
177 | ||
178 | Do not build bfdd. | |
179 | ||
dc5564c7 | 180 | .. option:: --disable-bgp-announce |
42fc5d26 | 181 | |
dc5564c7 QY |
182 | Make *bgpd* which does not make bgp announcements at all. This |
183 | feature is good for using *bgpd* as a BGP announcement listener. | |
42fc5d26 | 184 | |
7b5301f5 DS |
185 | .. option:: --disable-bgp-vnc |
186 | ||
187 | Turn off bgpd's ability to use VNC. | |
188 | ||
c295c6ce DS |
189 | .. option:: --disable-bgp-bmp |
190 | ||
191 | Turn off BGP BMP support | |
192 | ||
dc5564c7 | 193 | .. option:: --enable-datacenter |
42fc5d26 | 194 | |
dc5564c7 QY |
195 | Enable system defaults to work as if in a Data Center. See defaults.h |
196 | for what is changed by this configure option. | |
42fc5d26 | 197 | |
dc5564c7 | 198 | .. option:: --enable-snmp |
42fc5d26 | 199 | |
dc5564c7 | 200 | Enable SNMP support. By default, SNMP support is disabled. |
42fc5d26 | 201 | |
dc5564c7 | 202 | .. option:: --disable-ospfapi |
42fc5d26 | 203 | |
dc5564c7 QY |
204 | Disable support for OSPF-API, an API to interface directly with ospfd. |
205 | OSPF-API is enabled if --enable-opaque-lsa is set. | |
206 | ||
207 | .. option:: --disable-ospfclient | |
208 | ||
209 | Disable building of the example OSPF-API client. | |
210 | ||
dc5564c7 QY |
211 | .. option:: --disable-isisd |
212 | ||
213 | Do not build isisd. | |
214 | ||
f3c7b99d CF |
215 | .. option:: --disable-fabricd |
216 | ||
217 | Do not build fabricd. | |
218 | ||
dc5564c7 QY |
219 | .. option:: --enable-isis-topology |
220 | ||
221 | Enable IS-IS topology generator. | |
222 | ||
a5a48dbf QY |
223 | .. option:: --enable-realms |
224 | ||
225 | Enable the support of Linux Realms. Convert tag values from 1-255 into a | |
226 | realm value when inserting into the Linux kernel. Then routing policy can be | |
227 | assigned to the realm. See the tc man page. | |
228 | ||
c295c6ce DS |
229 | .. option:: --disable-irdp |
230 | ||
231 | Disable IRDP server support. This is enabled by default if we have | |
232 | both `struct in_pktinfo` and `struct icmphdr` available to us. | |
233 | ||
dc5564c7 QY |
234 | .. option:: --disable-rtadv |
235 | ||
236 | Disable support IPV6 router advertisement in zebra. | |
237 | ||
238 | .. option:: --enable-gcc-rdynamic | |
239 | ||
d1a242fd | 240 | Pass the ``-rdynamic`` option to the linker driver. This is in most cases |
d1e7591e | 241 | necessary for getting usable backtraces. This option defaults to on if the |
d1a242fd | 242 | compiler is detected as gcc, but giving an explicit enable/disable is |
dc5564c7 QY |
243 | suggested. |
244 | ||
245 | .. option:: --disable-backtrace | |
246 | ||
247 | Controls backtrace support for the crash handlers. This is autodetected by | |
248 | default. Using the switch will enforce the requested behaviour, failing with | |
249 | an error if support is requested but not available. On BSD systems, this | |
250 | needs libexecinfo, while on glibc support for this is part of libc itself. | |
251 | ||
252 | .. option:: --enable-dev-build | |
253 | ||
254 | Turn on some options for compiling FRR within a development environment in | |
255 | mind. Specifically turn on -g3 -O0 for compiling options and add inclusion | |
256 | of grammar sandbox. | |
257 | ||
258 | .. option:: --enable-fuzzing | |
259 | ||
260 | Turn on some compile options to allow you to run fuzzing tools against the | |
261 | system. This flag is intended as a developer only tool and should not be | |
262 | used for normal operations. | |
263 | ||
264 | .. option:: --disable-snmp | |
265 | ||
266 | Build without SNMP support. | |
42fc5d26 | 267 | |
c1a54c05 QY |
268 | .. option:: --disable-vtysh |
269 | ||
270 | Build without VTYSH. | |
42fc5d26 | 271 | |
013f9762 QY |
272 | .. option:: --enable-fpm |
273 | ||
274 | Build with FPM module support. | |
275 | ||
1f35b46a QY |
276 | .. option:: --enable-numeric-version |
277 | ||
278 | Alpine Linux does not allow non-numeric characters in the version string. | |
d1e7591e | 279 | With this option, we provide a way to strip out these characters for APK dev |
1f35b46a QY |
280 | package builds. |
281 | ||
0d8df934 DS |
282 | .. option:: --enable-multipath=X |
283 | ||
284 | Compile FRR with up to X way ECMP supported. This number can be from 0-999. | |
56f0bea7 | 285 | For backwards compatibility with older configure options when setting X = 0, |
0d8df934 DS |
286 | we will build FRR with 64 way ECMP. This is needed because there are |
287 | hardcoded arrays that FRR builds towards, so we need to know how big to | |
b16b7e07 DS |
288 | make these arrays at build time. Additionally if this parameter is |
289 | not passed in FRR will default to 16 ECMP. | |
0d8df934 | 290 | |
7b5301f5 DS |
291 | .. option:: --enable-shell-access |
292 | ||
293 | Turn on the ability of FRR to access some shell options( telnet/ssh/bash/etc. ) | |
294 | from vtysh itself. This option is considered extremely unsecure and should only | |
295 | be considered for usage if you really really know what you are doing. | |
296 | ||
83284209 AJ |
297 | .. option:: --enable-gcov |
298 | ||
299 | Code coverage reports from gcov require adjustments to the C and LD flags. | |
300 | With this option, gcov instrumentation is added to the build and coverage | |
301 | reports are created during execution. The check-coverage make target is | |
302 | also created to ease report uploading to codecov.io. The upload requires | |
303 | the COMMIT (git hash) and TOKEN (codecov upload token) environment variables | |
304 | be set. | |
305 | ||
1c2facd1 RW |
306 | .. option:: --enable-config-rollbacks |
307 | ||
308 | Build with configuration rollback support. Requires SQLite3. | |
309 | ||
5bce33b3 RW |
310 | .. option:: --enable-confd=<dir> |
311 | ||
312 | Build the ConfD northbound plugin. Look for the libconfd libs and headers | |
313 | in `dir`. | |
314 | ||
a7ca2199 RW |
315 | .. option:: --enable-sysrepo |
316 | ||
317 | Build the Sysrepo northbound plugin. | |
318 | ||
c295c6ce DS |
319 | .. option:: --enable-grpc |
320 | ||
321 | Enable the gRPC northbound plugin. | |
322 | ||
323 | .. option:: --enable-zeromq | |
324 | ||
325 | Enable the ZeroMQ handler. | |
326 | ||
327 | .. option:: --with-libpam | |
328 | ||
329 | Use libpam for PAM support in vtysh. | |
330 | ||
f75e802d DS |
331 | .. option:: --enable-time-check XXX |
332 | ||
333 | When this is enabled with a XXX value in microseconds, any thread that | |
334 | runs for over this value will cause a warning to be issued to the log. | |
335 | If you do not specify any value or don't include this option then | |
336 | the default time is 5 seconds. If --disable-time-check is specified | |
337 | then no warning is issued for any thread run length. | |
338 | ||
339 | .. option:: --disable-cpu-time | |
340 | ||
341 | Disable cpu process accounting, this command also disables the `show thread cpu` | |
342 | command. If this option is disabled, --enable-time-check is ignored. This | |
343 | disabling of cpu time effectively means that the getrusage call is skipped. | |
344 | Since this is a process switch into the kernel, systems with high FRR | |
345 | load might see improvement in behavior. Be aware that `show thread cpu` | |
346 | is considered a good data gathering tool from the perspective of developers. | |
347 | ||
c295c6ce DS |
348 | .. option:: --enable-pcreposix |
349 | ||
350 | Turn on the usage of PCRE Posix libs for regex functionality. | |
351 | ||
42fc5d26 | 352 | You may specify any combination of the above options to the configure |
dc5564c7 | 353 | script. By default, the executables are placed in :file:`/usr/local/sbin` |
42fc5d26 | 354 | and the configuration files in :file:`/usr/local/etc`. The :file:`/usr/local/` |
44f2550e | 355 | installation prefix and other directories may be changed using the following |
42fc5d26 QY |
356 | options to the configuration script. |
357 | ||
d1a242fd | 358 | .. option:: --prefix <prefix> |
42fc5d26 | 359 | |
dc5564c7 | 360 | Install architecture-independent files in `prefix` [/usr/local]. |
42fc5d26 | 361 | |
d1a242fd | 362 | .. option:: --sysconfdir <dir> |
42fc5d26 | 363 | |
dc5564c7 QY |
364 | Look for configuration files in `dir` [`prefix`/etc]. Note that sample |
365 | configuration files will be installed here. | |
44f2550e | 366 | |
d1a242fd | 367 | .. option:: --localstatedir <dir> |
42fc5d26 | 368 | |
d1a242fd QY |
369 | Configure zebra to use `dir` for local state files, such as pid files and |
370 | unix sockets. | |
42fc5d26 | 371 | |
f805c84e RW |
372 | .. option:: --with-yangmodelsdir <dir> |
373 | ||
374 | Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR | |
375 | YANG modules will be installed here. | |
376 | ||
45da32d7 DL |
377 | Python dependency, documentation and tests |
378 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | |
379 | ||
380 | FRR's documentation and basic unit tests heavily use code written in Python. | |
381 | Additionally, FRR ships Python extensions written in C which are used during | |
382 | its build process. | |
383 | ||
384 | To this extent, FRR needs the following: | |
385 | ||
386 | * an installation of CPython, preferably version 3.2 or newer (2.7 works but | |
387 | is end of life and will stop working at some point.) | |
388 | * development files (mostly headers) for that version of CPython | |
389 | * an installation of `sphinx` for that version of CPython, to build the | |
390 | documentation | |
391 | * an installation of `pytest` for that version of CPython, to run the unit | |
392 | tests | |
393 | ||
394 | The `sphinx` and `pytest` dependencies can be avoided by not building | |
395 | documentation / not running ``make check``, but the CPython dependency is a | |
396 | hard dependency of the FRR build process (for the `clippy` tool.) | |
397 | ||
11ab5329 | 398 | .. _least-privilege-support: |
42fc5d26 | 399 | |
d1a242fd | 400 | Least-Privilege Support |
717b4866 | 401 | """"""""""""""""""""""" |
42fc5d26 QY |
402 | |
403 | .. index:: FRR Least-Privileges | |
42fc5d26 QY |
404 | .. index:: FRR Privileges |
405 | ||
406 | Additionally, you may configure zebra to drop its elevated privileges | |
407 | shortly after startup and switch to another user. The configure script will | |
408 | automatically try to configure this support. There are three configure | |
409 | options to control the behaviour of FRR daemons. | |
410 | ||
d1a242fd | 411 | .. option:: --enable-user <user> |
42fc5d26 | 412 | |
d1a242fd QY |
413 | Switch to user `user shortly after startup, and run as user `user` in normal |
414 | operation. | |
42fc5d26 | 415 | |
d1a242fd | 416 | .. option:: --enable-group <user> |
42fc5d26 | 417 | |
d1a242fd | 418 | Switch real and effective group to `group` shortly after startup. |
42fc5d26 | 419 | |
d1a242fd | 420 | .. option:: --enable-vty-group <group> |
dc5564c7 | 421 | |
d1e7591e QY |
422 | Create Unix Vty sockets (for use with vtysh) with group ownership set to |
423 | `group`. This allows one to create a separate group which is restricted to | |
d1a242fd QY |
424 | accessing only the vty sockets, hence allowing one to delegate this group to |
425 | individual users, or to run vtysh setgid to this group. | |
42fc5d26 | 426 | |
07a17e6d QY |
427 | The default user and group which will be configured is 'frr' if no user or |
428 | group is specified. Note that this user or group requires write access to the | |
429 | local state directory (see :option:`--localstatedir`) and requires at least | |
430 | read access, and write access if you wish to allow daemons to write out their | |
431 | configuration, to the configuration directory (see :option:`--sysconfdir`). | |
42fc5d26 | 432 | |
dc5564c7 QY |
433 | On systems which have the 'libcap' capabilities manipulation library (currently |
434 | only Linux), FRR will retain only minimal capabilities required and will only | |
435 | raise these capabilities for brief periods. On systems without libcap, FRR will | |
436 | run as the user specified and only raise its UID to 0 for brief periods. | |
42fc5d26 | 437 | |
42fc5d26 | 438 | Linux Notes |
717b4866 | 439 | """"""""""" |
42fc5d26 QY |
440 | |
441 | .. index:: Building on Linux boxes | |
42fc5d26 QY |
442 | .. index:: Linux configurations |
443 | ||
717b4866 QY |
444 | There are several options available only to GNU/Linux systems. If you use |
445 | GNU/Linux, make sure that the current kernel configuration is what you want. | |
446 | FRR will run with any kernel configuration but some recommendations do exist. | |
42fc5d26 | 447 | |
717b4866 | 448 | :makevar:`CONFIG_NETLINK` |
fe93e2e3 | 449 | Kernel/User Netlink socket. This enables an advanced interface between |
717b4866 | 450 | the Linux kernel and *zebra* (:ref:`kernel-interface`). |
42fc5d26 | 451 | |
717b4866 QY |
452 | :makevar:`CONFIG_RTNETLINK` |
453 | This makes it possible to receive Netlink routing messages. If you specify | |
454 | this option, *zebra* can detect routing information updates directly from | |
455 | the kernel (:ref:`kernel-interface`). | |
44f2550e | 456 | |
717b4866 QY |
457 | :makevar:`CONFIG_IP_MULTICAST` |
458 | This option enables IP multicast and should be specified when you use *ripd* | |
459 | (:ref:`rip`) or *ospfd* (:ref:`ospfv2`) because these protocols use | |
460 | multicast. | |
42fc5d26 | 461 | |
3c29c38d LB |
462 | Linux sysctl settings and kernel modules |
463 | ```````````````````````````````````````` | |
464 | ||
465 | There are several kernel parameters that impact overall operation of FRR when | |
466 | using Linux as a router. Generally these parameters should be set in a | |
467 | sysctl related configuration file, e.g., :file:`/etc/sysctl.conf` on | |
468 | Ubuntu based systems and a new file | |
469 | :file:`/etc/sysctl.d/90-routing-sysctl.conf` on Centos based systems. | |
470 | Additional kernel modules are also needed to support MPLS forwarding. | |
471 | ||
472 | :makevar:`IPv4 and IPv6 forwarding` | |
473 | The following are set to enable IP forwarding in the kernel: | |
474 | ||
475 | .. code-block:: shell | |
476 | ||
477 | net.ipv4.conf.all.forwarding=1 | |
478 | net.ipv6.conf.all.forwarding=1 | |
479 | ||
480 | :makevar:`MPLS forwarding` | |
fe93e2e3 A |
481 | Basic MPLS support was introduced in the kernel in version 4.1 and |
482 | additional capability was introduced in 4.3 and 4.5. | |
483 | For some general information on Linux MPLS support, see | |
3c29c38d LB |
484 | https://www.netdevconf.org/1.1/proceedings/slides/prabhu-mpls-tutorial.pdf. |
485 | The following modules should be loaded to support MPLS forwarding, | |
486 | and are generally added to a configuration file such as | |
487 | :file:`/etc/modules-load.d/modules.conf`: | |
488 | ||
489 | .. code-block:: shell | |
490 | ||
491 | # Load MPLS Kernel Modules | |
492 | mpls_router | |
493 | mpls_iptunnel | |
494 | ||
e25aa976 MS |
495 | The following is an example to enable MPLS forwarding in the |
496 | kernel, typically by editing :file:`/etc/sysctl.conf`: | |
3c29c38d LB |
497 | |
498 | .. code-block:: shell | |
499 | ||
500 | # Enable MPLS Label processing on all interfaces | |
501 | net.mpls.conf.eth0.input=1 | |
502 | net.mpls.conf.eth1.input=1 | |
503 | net.mpls.conf.eth2.input=1 | |
504 | net.mpls.platform_labels=100000 | |
505 | ||
506 | Make sure to add a line equal to :file:`net.mpls.conf.<if>.input` for | |
507 | each interface *'<if>'* used with MPLS and to set labels to an | |
508 | appropriate value. | |
509 | ||
510 | :makevar:`VRF forwarding` | |
4c97fd1a | 511 | General information on Linux VRF support can be found in |
3c29c38d LB |
512 | https://www.kernel.org/doc/Documentation/networking/vrf.txt. Kernel |
513 | support for VRFs was introduced in 4.3 and improved upon through | |
514 | 4.13, which is the version most used in FRR testing (as of June | |
515 | 2018). Additional background on using Linux VRFs and kernel specific | |
516 | features can be found in | |
517 | http://schd.ws/hosted_files/ossna2017/fe/vrf-tutorial-oss.pdf. | |
518 | ||
519 | The following impacts how BGP TCP sockets are managed across VRFs: | |
520 | ||
521 | .. code-block:: shell | |
522 | ||
523 | net.ipv4.tcp_l3mdev_accept=0 | |
524 | ||
525 | With this setting a BGP TCP socket is opened per VRF. This setting | |
526 | ensures that other TCP services, such as SSH, provided for non-VRF | |
527 | purposes are blocked from VRF associated Linux interfaces. | |
528 | ||
529 | .. code-block:: shell | |
530 | ||
531 | net.ipv4.tcp_l3mdev_accept=1 | |
532 | ||
533 | With this setting a single BGP TCP socket is shared across the | |
534 | system. This setting exposes any TCP service running on the system, | |
535 | e.g., SSH, to all VRFs. Generally this setting is not used in | |
536 | environments where VRFs are used to support multiple administrative | |
537 | groups. | |
538 | ||
539 | **Important note** as of June 2018, Kernel versions 4.14-4.18 have a | |
540 | known bug where VRF-specific TCP sockets are not properly handled. When | |
541 | running these kernel versions, if unable to establish any VRF BGP | |
542 | adjacencies, either downgrade to 4.13 or set | |
543 | 'net.ipv4.tcp_l3mdev_accept=1'. The fix for this issue is planned to be | |
fe93e2e3 | 544 | included in future kernel versions. So upgrading your kernel may also |
3c29c38d LB |
545 | address this issue. |
546 | ||
4c97fd1a | 547 | |
717b4866 QY |
548 | Building |
549 | ^^^^^^^^ | |
42fc5d26 | 550 | |
717b4866 QY |
551 | Once you have chosen your configure options, run the configure script and pass |
552 | the options you chose: | |
42fc5d26 | 553 | |
717b4866 | 554 | .. code-block:: shell |
42fc5d26 | 555 | |
717b4866 QY |
556 | ./configure \ |
557 | --prefix=/usr \ | |
558 | --enable-exampledir=/usr/share/doc/frr/examples/ \ | |
559 | --localstatedir=/var/run/frr \ | |
560 | --sbindir=/usr/lib/frr \ | |
561 | --sysconfdir=/etc/frr \ | |
562 | --enable-pimd \ | |
563 | --enable-watchfrr \ | |
564 | ... | |
44f2550e | 565 | |
fe93e2e3 | 566 | After configuring the software, you are ready to build and install it in your |
717b4866 | 567 | system. |
42fc5d26 | 568 | |
717b4866 | 569 | .. code-block:: shell |
42fc5d26 | 570 | |
717b4866 | 571 | make && sudo make install |
42fc5d26 | 572 | |
717b4866 QY |
573 | If everything finishes successfully, FRR should be installed. You should now |
574 | skip to the section on :ref:`basic-setup`. |