]>
Commit | Line | Data |
---|---|---|
1 | .. _zebra: | |
2 | ||
3 | ***** | |
4 | Zebra | |
5 | ***** | |
6 | ||
7 | *zebra* is an IP routing manager. It provides kernel routing | |
8 | table updates, interface lookups, and redistribution of routes between | |
9 | different routing protocols. | |
10 | ||
11 | .. _invoking-zebra: | |
12 | ||
13 | Invoking zebra | |
14 | ============== | |
15 | ||
16 | Besides the common invocation options (:ref:`common-invocation-options`), the | |
17 | *zebra* specific invocation options are listed below. | |
18 | ||
19 | .. program:: zebra | |
20 | ||
21 | .. option:: -b, --batch | |
22 | ||
23 | Runs in batch mode. *zebra* parses configuration file and terminates | |
24 | immediately. | |
25 | ||
26 | .. option:: -K TIME, --graceful_restart TIME | |
27 | ||
28 | If this option is specified, the graceful restart time is TIME seconds. | |
29 | Zebra, when started, will read in routes. Those routes that Zebra | |
30 | identifies that it was the originator of will be swept in TIME seconds. | |
31 | If no time is specified then we will sweep those routes immediately. | |
32 | ||
33 | .. option:: -r, --retain | |
34 | ||
35 | When program terminates, do not flush routes installed by *zebra* from the | |
36 | kernel. | |
37 | ||
38 | .. option:: -e X, --ecmp X | |
39 | ||
40 | Run zebra with a limited ecmp ability compared to what it is compiled to. | |
41 | If you are running zebra on hardware limited functionality you can | |
42 | force zebra to limit the maximum ecmp allowed to X. This number | |
43 | is bounded by what you compiled FRR with as the maximum number. | |
44 | ||
45 | .. option:: -n, --vrfwnetns | |
46 | ||
47 | When *Zebra* starts with this option, the VRF backend is based on Linux | |
48 | network namespaces. That implies that all network namespaces discovered by | |
49 | ZEBRA will create an associated VRF. The other daemons will operate on the VRF | |
50 | VRF defined by *Zebra*, as usual. | |
51 | ||
52 | .. seealso:: :ref:`zebra-vrf` | |
53 | ||
54 | .. option:: -o, --vrfdefaultname | |
55 | ||
56 | When *Zebra* starts with this option, the default VRF name is changed to the | |
57 | parameter. | |
58 | ||
59 | .. seealso:: :ref:`zebra-vrf` | |
60 | ||
61 | .. option:: -z <path_to_socket>, --socket <path_to_socket> | |
62 | ||
63 | If this option is supplied on the cli, the path to the zebra | |
64 | control socket(zapi), is used. This option overrides a -N <namespace> | |
65 | option if handed to it on the cli. | |
66 | ||
67 | .. option:: --v6-rr-semantics | |
68 | ||
69 | The linux kernel is receiving the ability to use the same route | |
70 | replacement semantics for v6 that v4 uses. If you are using a | |
71 | kernel that supports this functionality then run *Zebra* with this | |
72 | option and we will use Route Replace Semantics instead of delete | |
73 | than add. | |
74 | ||
75 | .. _interface-commands: | |
76 | ||
77 | Configuration Addresses behaviour | |
78 | ================================= | |
79 | ||
80 | At startup, *Zebra* will first discover the underlying networking objects | |
81 | from the operating system. This includes interfaces, addresses of | |
82 | interfaces, static routes, etc. Then, it will read the configuration | |
83 | file, including its own interface addresses, static routes, etc. All this | |
84 | information comprises the operational context from *Zebra*. But | |
85 | configuration context from *Zebra* will remain the same as the one from | |
86 | :file:`zebra.conf` config file. As an example, executing the following | |
87 | :clicmd:`show running-config` will reflect what was in :file:`zebra.conf`. | |
88 | In a similar way, networking objects that are configured outside of the | |
89 | *Zebra* like *iproute2* will not impact the configuration context from | |
90 | *Zebra*. This behaviour permits you to continue saving your own config | |
91 | file, and decide what is really to be pushed on the config file, and what | |
92 | is dependent on the underlying system. | |
93 | Note that inversely, from *Zebra*, you will not be able to delete networking | |
94 | objects that were previously configured outside of *Zebra*. | |
95 | ||
96 | ||
97 | Interface Commands | |
98 | ================== | |
99 | ||
100 | .. _standard-commands: | |
101 | ||
102 | Standard Commands | |
103 | ----------------- | |
104 | ||
105 | .. index:: interface IFNAME | |
106 | ||
107 | .. clicmd:: interface IFNAME | |
108 | ||
109 | .. index:: interface IFNAME vrf VRF | |
110 | ||
111 | .. clicmd:: interface IFNAME vrf VRF | |
112 | ||
113 | .. index:: shutdown | |
114 | ||
115 | .. clicmd:: shutdown | |
116 | .. index:: no shutdown | |
117 | ||
118 | .. clicmd:: no shutdown | |
119 | ||
120 | Up or down the current interface. | |
121 | ||
122 | .. index:: ip address ADDRESS/PREFIX | |
123 | ||
124 | .. clicmd:: ip address ADDRESS/PREFIX | |
125 | .. index:: ipv6 address ADDRESS/PREFIX | |
126 | ||
127 | .. clicmd:: ipv6 address ADDRESS/PREFIX | |
128 | .. index:: no ip address ADDRESS/PREFIX | |
129 | ||
130 | .. clicmd:: no ip address ADDRESS/PREFIX | |
131 | .. index:: no ipv6 address ADDRESS/PREFIX | |
132 | ||
133 | .. clicmd:: no ipv6 address ADDRESS/PREFIX | |
134 | ||
135 | Set the IPv4 or IPv6 address/prefix for the interface. | |
136 | ||
137 | .. index:: ip address LOCAL-ADDR peer PEER-ADDR/PREFIX | |
138 | ||
139 | .. clicmd:: ip address LOCAL-ADDR peer PEER-ADDR/PREFIX | |
140 | .. index:: no ip address LOCAL-ADDR peer PEER-ADDR/PREFIX | |
141 | ||
142 | .. clicmd:: no ip address LOCAL-ADDR peer PEER-ADDR/PREFIX | |
143 | ||
144 | Configure an IPv4 Point-to-Point address on the interface. (The concept of | |
145 | PtP addressing does not exist for IPv6.) | |
146 | ||
147 | `local-addr` has no subnet mask since the local side in PtP addressing is | |
148 | always a single (/32) address. `peer-addr/prefix` can be an arbitrary subnet | |
149 | behind the other end of the link (or even on the link in Point-to-Multipoint | |
150 | setups), though generally /32s are used. | |
151 | ||
152 | .. index:: description DESCRIPTION ... | |
153 | ||
154 | .. clicmd:: description DESCRIPTION ... | |
155 | ||
156 | Set description for the interface. | |
157 | ||
158 | .. index:: multicast | |
159 | ||
160 | .. clicmd:: multicast | |
161 | .. index:: no multicast | |
162 | ||
163 | .. clicmd:: no multicast | |
164 | ||
165 | Enable or disables multicast flag for the interface. | |
166 | ||
167 | .. index:: bandwidth (1-10000000) | |
168 | ||
169 | .. clicmd:: bandwidth (1-10000000) | |
170 | .. index:: no bandwidth (1-10000000) | |
171 | ||
172 | .. clicmd:: no bandwidth (1-10000000) | |
173 | ||
174 | Set bandwidth value of the interface in kilobits/sec. This is for | |
175 | calculating OSPF cost. This command does not affect the actual device | |
176 | configuration. | |
177 | ||
178 | .. index:: link-detect | |
179 | ||
180 | .. clicmd:: link-detect | |
181 | .. index:: no link-detect | |
182 | ||
183 | .. clicmd:: no link-detect | |
184 | ||
185 | Enable/disable link-detect on platforms which support this. Currently only | |
186 | Linux, and only where network interface drivers support reporting | |
187 | link-state via the ``IFF_RUNNING`` flag. | |
188 | ||
189 | In FRR, link-detect is on by default. | |
190 | ||
191 | .. _link-parameters-commands: | |
192 | ||
193 | Link Parameters Commands | |
194 | ------------------------ | |
195 | ||
196 | .. note:: | |
197 | ||
198 | At this time, FRR offers partial support for some of the routing | |
199 | protocol extensions that can be used with MPLS-TE. FRR does not | |
200 | support a complete RSVP-TE solution currently. | |
201 | ||
202 | .. index:: link-params | |
203 | .. clicmd:: link-params | |
204 | ||
205 | .. index:: no link-param | |
206 | .. clicmd:: no link-param | |
207 | ||
208 | Enter into the link parameters sub node. At least 'enable' must be | |
209 | set to activate the link parameters, and consequently routing | |
210 | information that could be used as part of Traffic Engineering on | |
211 | this interface. MPLS-TE must be enable at the OSPF | |
212 | (:ref:`ospf-traffic-engineering`) or ISIS | |
213 | (:ref:`isis-traffic-engineering`) router level in complement to | |
214 | this. Disable link parameters for this interface. | |
215 | ||
216 | Under link parameter statement, the following commands set the different TE values: | |
217 | ||
218 | .. index:: link-params [enable] | |
219 | .. clicmd:: link-params [enable] | |
220 | ||
221 | Enable link parameters for this interface. | |
222 | ||
223 | .. index:: link-params [metric (0-4294967295)] | |
224 | .. clicmd:: link-params [metric (0-4294967295)] | |
225 | ||
226 | .. index:: link-params max-bw BANDWIDTH | |
227 | .. clicmd:: link-params max-bw BANDWIDTH | |
228 | ||
229 | .. index:: link-params max-rsv-bw BANDWIDTH | |
230 | .. clicmd:: link-params max-rsv-bw BANDWIDTH | |
231 | ||
232 | .. index:: link-params unrsv-bw (0-7) BANDWIDTH | |
233 | .. clicmd:: link-params unrsv-bw (0-7) BANDWIDTH | |
234 | ||
235 | .. index:: link-params admin-grp BANDWIDTH | |
236 | .. clicmd:: link-params admin-grp BANDWIDTH | |
237 | ||
238 | These commands specifies the Traffic Engineering parameters of the interface | |
239 | in conformity to RFC3630 (OSPF) or RFC5305 (ISIS). There are respectively | |
240 | the TE Metric (different from the OSPF or ISIS metric), Maximum Bandwidth | |
241 | (interface speed by default), Maximum Reservable Bandwidth, Unreserved | |
242 | Bandwidth for each 0-7 priority and Admin Group (ISIS) or Resource | |
243 | Class/Color (OSPF). | |
244 | ||
245 | Note that BANDIWDTH is specified in IEEE floating point format and express | |
246 | in Bytes/second. | |
247 | ||
248 | .. index:: link-param delay (0-16777215) [min (0-16777215) | max (0-16777215)] | |
249 | .. clicmd:: link-param delay (0-16777215) [min (0-16777215) | max (0-16777215)] | |
250 | ||
251 | .. index:: link-param delay-variation (0-16777215) | |
252 | .. clicmd:: link-param delay-variation (0-16777215) | |
253 | ||
254 | .. index:: link-param packet-loss PERCENTAGE | |
255 | .. clicmd:: link-param packet-loss PERCENTAGE | |
256 | ||
257 | .. index:: link-param res-bw BANDWIDTH | |
258 | .. clicmd:: link-param res-bw BANDWIDTH | |
259 | ||
260 | .. index:: link-param ava-bw BANDWIDTH | |
261 | .. clicmd:: link-param ava-bw BANDWIDTH | |
262 | ||
263 | .. index:: link-param use-bw BANDWIDTH | |
264 | .. clicmd:: link-param use-bw BANDWIDTH | |
265 | ||
266 | These command specifies additional Traffic Engineering parameters of the | |
267 | interface in conformity to draft-ietf-ospf-te-metrics-extension-05.txt and | |
268 | draft-ietf-isis-te-metrics-extension-03.txt. There are respectively the | |
269 | delay, jitter, loss, available bandwidth, reservable bandwidth and utilized | |
270 | bandwidth. | |
271 | ||
272 | Note that BANDWIDTH is specified in IEEE floating point format and express | |
273 | in Bytes/second. Delays and delay variation are express in micro-second | |
274 | (µs). Loss is specified in PERCENTAGE ranging from 0 to 50.331642% by step | |
275 | of 0.000003. | |
276 | ||
277 | .. index:: link-param neighbor <A.B.C.D> as (0-65535) | |
278 | .. clicmd:: link-param neighbor <A.B.C.D> as (0-65535) | |
279 | ||
280 | .. index:: link-param no neighbor | |
281 | .. clicmd:: link-param no neighbor | |
282 | ||
283 | Specifies the remote ASBR IP address and Autonomous System (AS) number | |
284 | for InterASv2 link in OSPF (RFC5392). Note that this option is not yet | |
285 | supported for ISIS (RFC5316). | |
286 | ||
287 | .. index:: ip nht resolve-via-default | |
288 | .. clicmd:: ip nht resolve-via-default | |
289 | ||
290 | Allows nexthop tracking to resolve via the default route. This is useful | |
291 | when e.g. you want to allow BGP to peer across the default route. | |
292 | ||
293 | .. _zebra-vrf: | |
294 | ||
295 | Administrative Distance | |
296 | ======================= | |
297 | ||
298 | Administrative distance allows FRR to make decisions about what routes | |
299 | should be installed in the rib based upon the originating protocol. | |
300 | The lowest Admin Distance is the route selected. This is purely a | |
301 | subjective decision about ordering and care has been taken to choose | |
302 | the same distances that other routing suites have choosen. | |
303 | ||
304 | +------------+-----------+ | |
305 | | Protocol | Distance | | |
306 | +------------+-----------+ | |
307 | | System | 0 | | |
308 | +------------+-----------+ | |
309 | | Kernel | 0 | | |
310 | +------------+-----------+ | |
311 | | Connect | 0 | | |
312 | +------------+-----------+ | |
313 | | Static | 1 | | |
314 | +------------+-----------+ | |
315 | | NHRP | 10 | | |
316 | +------------+-----------+ | |
317 | | EBGP | 20 | | |
318 | +------------+-----------+ | |
319 | | EIGRP | 90 | | |
320 | +------------+-----------+ | |
321 | | BABEL | 100 | | |
322 | +------------+-----------+ | |
323 | | OSPF | 110 | | |
324 | +------------+-----------+ | |
325 | | ISIS | 115 | | |
326 | +------------+-----------+ | |
327 | | OPENFABRIC | 115 | | |
328 | +------------+-----------+ | |
329 | | RIP | 120 | | |
330 | +------------+-----------+ | |
331 | | Table | 150 | | |
332 | +------------+-----------+ | |
333 | | SHARP | 150 | | |
334 | +------------+-----------+ | |
335 | | IBGP | 200 | | |
336 | +------------+-----------+ | |
337 | | PBR | 200 | | |
338 | +------------+-----------+ | |
339 | ||
340 | An admin distance of 255 indicates to Zebra that the route should not be | |
341 | installed into the Data Plane. Additionally routes with an admin distance | |
342 | of 255 will not be redistributed. | |
343 | ||
344 | Zebra does treat Kernel routes as special case for the purposes of Admin | |
345 | Distance. Upon learning about a route that is not originated by FRR | |
346 | we read the metric value as a uint32_t. The top byte of the value | |
347 | is interpreted as the Administrative Distance and the low three bytes | |
348 | are read in as the metric. This special case is to facilitate VRF | |
349 | default routes. | |
350 | ||
351 | Virtual Routing and Forwarding | |
352 | ============================== | |
353 | ||
354 | FRR supports :abbr:`VRF (Virtual Routing and Forwarding)`. VRF is a way to | |
355 | separate networking contexts on the same machine. Those networking contexts are | |
356 | associated with separate interfaces, thus making it possible to associate one | |
357 | interface with a specific VRF. | |
358 | ||
359 | VRF can be used, for example, when instantiating per enterprise networking | |
360 | services, without having to instantiate the physical host machine or the | |
361 | routing management daemons for each enterprise. As a result, interfaces are | |
362 | separate for each set of VRF, and routing daemons can have their own context | |
363 | for each VRF. | |
364 | ||
365 | This conceptual view introduces the *Default VRF* case. If the user does not | |
366 | configure any specific VRF, then by default, FRR uses the *Default VRF*. | |
367 | ||
368 | Configuring VRF networking contexts can be done in various ways on FRR. The VRF | |
369 | interfaces can be configured by entering in interface configuration mode | |
370 | :clicmd:`interface IFNAME vrf VRF`. | |
371 | ||
372 | A VRF backend mode is chosen when running *Zebra*. | |
373 | ||
374 | If no option is chosen, then the *Linux VRF* implementation as references in | |
375 | https://www.kernel.org/doc/Documentation/networking/vrf.txt will be mapped over | |
376 | the *Zebra* VRF. The routing table associated to that VRF is a Linux table | |
377 | identifier located in the same *Linux network namespace* where *Zebra* started. | |
378 | ||
379 | If the :option:`-n` option is chosen, then the *Linux network namespace* will | |
380 | be mapped over the *Zebra* VRF. That implies that *Zebra* is able to configure | |
381 | several *Linux network namespaces*. The routing table associated to that VRF | |
382 | is the whole routing tables located in that namespace. For instance, this mode | |
383 | matches OpenStack Network Namespaces. It matches also OpenFastPath. The default | |
384 | behavior remains Linux VRF which is supported by the Linux kernel community, | |
385 | see https://www.kernel.org/doc/Documentation/networking/vrf.txt. | |
386 | ||
387 | Because of that difference, there are some subtle differences when running some | |
388 | commands in relationship to VRF. Here is an extract of some of those commands: | |
389 | ||
390 | .. index:: vrf VRF | |
391 | .. clicmd:: vrf VRF | |
392 | ||
393 | This command is available on configuration mode. By default, above command | |
394 | permits accessing the VRF configuration mode. This mode is available for | |
395 | both VRFs. It is to be noted that *Zebra* does not create Linux VRF. | |
396 | The network administrator can however decide to provision this command in | |
397 | configuration file to provide more clarity about the intended configuration. | |
398 | ||
399 | .. index:: netns NAMESPACE | |
400 | .. clicmd:: netns NAMESPACE | |
401 | ||
402 | This command is based on VRF configuration mode. This command is available | |
403 | when *Zebra* is run in :option:`-n` mode. This command reflects which *Linux | |
404 | network namespace* is to be mapped with *Zebra* VRF. It is to be noted that | |
405 | *Zebra* creates and detects added/suppressed VRFs from the Linux environment | |
406 | (in fact, those managed with iproute2). The network administrator can however | |
407 | decide to provision this command in configuration file to provide more clarity | |
408 | about the intended configuration. | |
409 | ||
410 | .. index:: show ip route vrf VRF | |
411 | .. clicmd:: show ip route vrf VRF | |
412 | ||
413 | The show command permits dumping the routing table associated to the VRF. If | |
414 | *Zebra* is launched with default settings, this will be the ``TABLENO`` of | |
415 | the VRF configured on the kernel, thanks to information provided in | |
416 | https://www.kernel.org/doc/Documentation/networking/vrf.txt. If *Zebra* is | |
417 | launched with :option:`-n` option, this will be the default routing table of | |
418 | the *Linux network namespace* ``VRF``. | |
419 | ||
420 | .. index:: show ip route vrf VRF table TABLENO | |
421 | .. clicmd:: show ip route vrf VRF table TABLENO | |
422 | ||
423 | The show command is only available with :option:`-n` option. This command | |
424 | will dump the routing table ``TABLENO`` of the *Linux network namespace* | |
425 | ``VRF``. | |
426 | ||
427 | .. index:: show ip route vrf VRF tables | |
428 | .. clicmd:: show ip route vrf VRF tables | |
429 | ||
430 | This command will dump the routing tables within the vrf scope. If `vrf all` | |
431 | is executed, all routing tables will be dumped. | |
432 | ||
433 | .. index:: show <ip|ipv6> route summary [vrf VRF] [table TABLENO] [prefix] | |
434 | .. clicmd:: show <ip|ipv6> route summary [vrf VRF] [table TABLENO] [prefix] | |
435 | ||
436 | This command will dump a summary output of the specified VRF and TABLENO | |
437 | combination. If neither VRF or TABLENO is specified FRR defaults to | |
438 | the default vrf and default table. If prefix is specified dump the | |
439 | number of prefix routes. | |
440 | ||
441 | By using the :option:`-n` option, the *Linux network namespace* will be mapped | |
442 | over the *Zebra* VRF. One nice feature that is possible by handling *Linux | |
443 | network namespace* is the ability to name default VRF. At startup, *Zebra* | |
444 | discovers the available *Linux network namespace* by parsing folder | |
445 | `/var/run/netns`. Each file stands for a *Linux network namespace*, but not all | |
446 | *Linux network namespaces* are available under that folder. This is the case for | |
447 | default VRF. It is possible to name the default VRF, by creating a file, by | |
448 | executing following commands. | |
449 | ||
450 | .. code-block:: shell | |
451 | ||
452 | touch /var/run/netns/vrf0 | |
453 | mount --bind /proc/self/ns/net /var/run/netns/vrf0 | |
454 | ||
455 | Above command illustrates what happens when the default VRF is visible under | |
456 | `var/run/netns/`. Here, the default VRF file is `vrf0`. | |
457 | At startup, FRR detects the presence of that file. It detects that the file | |
458 | statistics information matches the same file statistics information as | |
459 | `/proc/self/ns/net` ( through stat() function). As statistics information | |
460 | matches, then `vrf0` stands for the new default namespace name. | |
461 | Consequently, the VRF naming `Default` will be overridden by the new discovered | |
462 | namespace name `vrf0`. | |
463 | ||
464 | For those who don't use VRF backend with *Linux network namespace*, it is | |
465 | possible to statically configure and recompile FRR. It is possible to choose an | |
466 | alternate name for default VRF. Then, the default VRF naming will automatically | |
467 | be updated with the new name. To illustrate, if you want to recompile with | |
468 | `global` value, use the following command: | |
469 | ||
470 | .. code-block:: shell | |
471 | ||
472 | ./configure --with-defaultvrfname=global | |
473 | ||
474 | .. _zebra-mpls: | |
475 | ||
476 | MPLS Commands | |
477 | ============= | |
478 | ||
479 | You can configure static mpls entries in zebra. Basically, handling MPLS | |
480 | consists of popping, swapping or pushing labels to IP packets. | |
481 | ||
482 | MPLS Acronyms | |
483 | ------------- | |
484 | ||
485 | :abbr:`LSR (Labeled Switch Router)` | |
486 | Networking devices handling labels used to forward traffic between and through | |
487 | them. | |
488 | ||
489 | :abbr:`LER (Labeled Edge Router)` | |
490 | A Labeled edge router is located at the edge of an MPLS network, generally | |
491 | between an IP network and an MPLS network. | |
492 | ||
493 | MPLS Push Action | |
494 | ---------------- | |
495 | ||
496 | The push action is generally used for LER devices, which want to encapsulate | |
497 | all traffic for a wished destination into an MPLS label. This action is stored | |
498 | in routing entry, and can be configured like a route: | |
499 | ||
500 | .. index:: [no] ip route NETWORK MASK GATEWAY|INTERFACE label LABEL | |
501 | .. clicmd:: [no] ip route NETWORK MASK GATEWAY|INTERFACE label LABEL | |
502 | ||
503 | NETWORK and MASK stand for the IP prefix entry to be added as static | |
504 | route entry. | |
505 | GATEWAY is the gateway IP address to reach, in order to reach the prefix. | |
506 | INTERFACE is the interface behind which the prefix is located. | |
507 | LABEL is the MPLS label to use to reach the prefix abovementioned. | |
508 | ||
509 | You can check that the static entry is stored in the zebra RIB database, by | |
510 | looking at the presence of the entry. | |
511 | ||
512 | :: | |
513 | ||
514 | zebra(configure)# ip route 1.1.1.1/32 10.0.1.1 label 777 | |
515 | zebra# show ip route | |
516 | Codes: K - kernel route, C - connected, S - static, R - RIP, | |
517 | O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, | |
518 | T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, | |
519 | F - PBR, | |
520 | > - selected route, * - FIB route | |
521 | ||
522 | S>* 1.1.1.1/32 [1/0] via 10.0.1.1, r2-eth0, label 777, 00:39:42 | |
523 | ||
524 | MPLS Swap and Pop Action | |
525 | ------------------------ | |
526 | ||
527 | The swap action is generally used for LSR devices, which swap a packet with a | |
528 | label, with an other label. The Pop action is used on LER devices, at the | |
529 | termination of the MPLS traffic; this is used to remove MPLS header. | |
530 | ||
531 | .. index:: [no] mpls lsp INCOMING_LABEL GATEWAY OUTGOING_LABEL|explicit-null|implicit-null | |
532 | .. clicmd:: [no] mpls lsp INCOMING_LABEL GATEWAY OUTGOING_LABEL|explicit-null|implicit-null | |
533 | ||
534 | INCOMING_LABEL and OUTGOING_LABEL are MPLS labels with values ranging from 16 | |
535 | to 1048575. | |
536 | GATEWAY is the gateway IP address where to send MPLS packet. | |
537 | The outgoing label can either be a value or have an explicit-null label header. This | |
538 | specific header can be read by IP devices. The incoming label can also be removed; in | |
539 | that case the implicit-null keyword is used, and the outgoing packet emitted is an IP | |
540 | packet without MPLS header. | |
541 | ||
542 | You can check that the MPLS actions are stored in the zebra MPLS table, by looking at the | |
543 | presence of the entry. | |
544 | ||
545 | .. index:: show mpls table | |
546 | .. clicmd:: show mpls table | |
547 | ||
548 | :: | |
549 | ||
550 | zebra(configure)# mpls lsp 18 10.125.0.2 implicit-null | |
551 | zebra(configure)# mpls lsp 19 10.125.0.2 20 | |
552 | zebra(configure)# mpls lsp 21 10.125.0.2 explicit-null | |
553 | zebra# show mpls table | |
554 | Inbound Outbound | |
555 | Label Type Nexthop Label | |
556 | -------- ------- --------------- -------- | |
557 | 18 Static 10.125.0.2 implicit-null | |
558 | 19 Static 10.125.0.2 20 | |
559 | 21 Static 10.125.0.2 IPv4 Explicit Null | |
560 | ||
561 | ||
562 | .. _multicast-rib-commands: | |
563 | ||
564 | Multicast RIB Commands | |
565 | ====================== | |
566 | ||
567 | The Multicast RIB provides a separate table of unicast destinations which | |
568 | is used for Multicast Reverse Path Forwarding decisions. It is used with | |
569 | a multicast source's IP address, hence contains not multicast group | |
570 | addresses but unicast addresses. | |
571 | ||
572 | This table is fully separate from the default unicast table. However, | |
573 | RPF lookup can include the unicast table. | |
574 | ||
575 | WARNING: RPF lookup results are non-responsive in this version of FRR, | |
576 | i.e. multicast routing does not actively react to changes in underlying | |
577 | unicast topology! | |
578 | ||
579 | .. index:: ip multicast rpf-lookup-mode MODE | |
580 | .. clicmd:: ip multicast rpf-lookup-mode MODE | |
581 | ||
582 | .. index:: no ip multicast rpf-lookup-mode [MODE] | |
583 | .. clicmd:: no ip multicast rpf-lookup-mode [MODE] | |
584 | ||
585 | MODE sets the method used to perform RPF lookups. Supported modes: | |
586 | ||
587 | urib-only | |
588 | Performs the lookup on the Unicast RIB. The Multicast RIB is never used. | |
589 | ||
590 | mrib-only | |
591 | Performs the lookup on the Multicast RIB. The Unicast RIB is never used. | |
592 | ||
593 | mrib-then-urib | |
594 | Tries to perform the lookup on the Multicast RIB. If any route is found, | |
595 | that route is used. Otherwise, the Unicast RIB is tried. | |
596 | ||
597 | lower-distance | |
598 | Performs a lookup on the Multicast RIB and Unicast RIB each. The result | |
599 | with the lower administrative distance is used; if they're equal, the | |
600 | Multicast RIB takes precedence. | |
601 | ||
602 | longer-prefix | |
603 | Performs a lookup on the Multicast RIB and Unicast RIB each. The result | |
604 | with the longer prefix length is used; if they're equal, the | |
605 | Multicast RIB takes precedence. | |
606 | ||
607 | The `mrib-then-urib` setting is the default behavior if nothing is | |
608 | configured. If this is the desired behavior, it should be explicitly | |
609 | configured to make the configuration immune against possible changes in | |
610 | what the default behavior is. | |
611 | ||
612 | .. warning:: | |
613 | Unreachable routes do not receive special treatment and do not cause | |
614 | fallback to a second lookup. | |
615 | ||
616 | .. index:: show ip rpf ADDR | |
617 | .. clicmd:: show ip rpf ADDR | |
618 | ||
619 | Performs a Multicast RPF lookup, as configured with ``ip multicast | |
620 | rpf-lookup-mode MODE``. ADDR specifies the multicast source address to look | |
621 | up. | |
622 | ||
623 | :: | |
624 | ||
625 | > show ip rpf 192.0.2.1 | |
626 | Routing entry for 192.0.2.0/24 using Unicast RIB | |
627 | ||
628 | Known via "kernel", distance 0, metric 0, best | |
629 | * 198.51.100.1, via eth0 | |
630 | ||
631 | ||
632 | Indicates that a multicast source lookup for 192.0.2.1 would use an | |
633 | Unicast RIB entry for 192.0.2.0/24 with a gateway of 198.51.100.1. | |
634 | ||
635 | .. index:: show ip rpf | |
636 | .. clicmd:: show ip rpf | |
637 | ||
638 | Prints the entire Multicast RIB. Note that this is independent of the | |
639 | configured RPF lookup mode, the Multicast RIB may be printed yet not | |
640 | used at all. | |
641 | ||
642 | .. index:: ip mroute PREFIX NEXTHOP [DISTANCE] | |
643 | .. clicmd:: ip mroute PREFIX NEXTHOP [DISTANCE] | |
644 | ||
645 | .. index:: no ip mroute PREFIX NEXTHOP [DISTANCE] | |
646 | .. clicmd:: no ip mroute PREFIX NEXTHOP [DISTANCE] | |
647 | ||
648 | Adds a static route entry to the Multicast RIB. This performs exactly as the | |
649 | ``ip route`` command, except that it inserts the route in the Multicast RIB | |
650 | instead of the Unicast RIB. | |
651 | ||
652 | .. _zebra-route-filtering: | |
653 | ||
654 | zebra Route Filtering | |
655 | ===================== | |
656 | ||
657 | Zebra supports :dfn:`prefix-list` s and :ref:`route-map` s to match routes | |
658 | received from other FRR components. The permit/deny facilities provided by | |
659 | these commands can be used to filter which routes zebra will install in the | |
660 | kernel. | |
661 | ||
662 | .. index:: ip protocol PROTOCOL route-map ROUTEMAP | |
663 | .. clicmd:: ip protocol PROTOCOL route-map ROUTEMAP | |
664 | ||
665 | Apply a route-map filter to routes for the specified protocol. PROTOCOL can | |
666 | be: | |
667 | ||
668 | - any, | |
669 | - babel, | |
670 | - bgp, | |
671 | - connected, | |
672 | - eigrp, | |
673 | - isis, | |
674 | - kernel, | |
675 | - nhrp, | |
676 | - openfabric, | |
677 | - ospf, | |
678 | - ospf6, | |
679 | - rip, | |
680 | - sharp, | |
681 | - static, | |
682 | - ripng, | |
683 | - table, | |
684 | - vnc. | |
685 | ||
686 | If you choose any as the option that will cause all protocols that are sending | |
687 | routes to zebra. You can specify a :dfn:`ip protocol PROTOCOL route-map ROUTEMAP` | |
688 | on a per vrf basis, by entering this command under vrf mode for the vrf you | |
689 | want to apply the route-map against. | |
690 | ||
691 | .. index:: set src ADDRESS | |
692 | .. clicmd:: set src ADDRESS | |
693 | ||
694 | Within a route-map, set the preferred source address for matching routes | |
695 | when installing in the kernel. | |
696 | ||
697 | ||
698 | The following creates a prefix-list that matches all addresses, a route-map | |
699 | that sets the preferred source address, and applies the route-map to all | |
700 | *rip* routes. | |
701 | ||
702 | .. code-block:: frr | |
703 | ||
704 | ip prefix-list ANY permit 0.0.0.0/0 le 32 | |
705 | route-map RM1 permit 10 | |
706 | match ip address prefix-list ANY | |
707 | set src 10.0.0.1 | |
708 | ||
709 | ip protocol rip route-map RM1 | |
710 | ||
711 | IPv6 example for OSPFv3. | |
712 | ||
713 | .. code-block:: frr | |
714 | ||
715 | ipv6 prefix-list ANY seq 10 permit any | |
716 | route-map RM6 permit 10 | |
717 | match ipv6 address prefix-list ANY | |
718 | set src 2001:db8:425:1000::3 | |
719 | ||
720 | ipv6 protocol ospf6 route-map RM6 | |
721 | ||
722 | ||
723 | .. note:: | |
724 | ||
725 | For both IPv4 and IPv6, the IP address has to exist at the point the | |
726 | route-map is created. Be wary of race conditions if the interface is | |
727 | not created at startup. On Debian, FRR might start before ifupdown | |
728 | completes. Consider a reboot test. | |
729 | ||
730 | .. _zebra-fib-push-interface: | |
731 | ||
732 | zebra FIB push interface | |
733 | ======================== | |
734 | ||
735 | Zebra supports a 'FIB push' interface that allows an external | |
736 | component to learn the forwarding information computed by the FRR | |
737 | routing suite. This is a loadable module that needs to be enabled | |
738 | at startup as described in :ref:`loadable-module-support`. | |
739 | ||
740 | In FRR, the Routing Information Base (RIB) resides inside | |
741 | zebra. Routing protocols communicate their best routes to zebra, and | |
742 | zebra computes the best route across protocols for each prefix. This | |
743 | latter information makes up the Forwarding Information Base | |
744 | (FIB). Zebra feeds the FIB to the kernel, which allows the IP stack in | |
745 | the kernel to forward packets according to the routes computed by | |
746 | FRR. The kernel FIB is updated in an OS-specific way. For example, | |
747 | the `Netlink` interface is used on Linux, and route sockets are | |
748 | used on FreeBSD. | |
749 | ||
750 | The FIB push interface aims to provide a cross-platform mechanism to | |
751 | support scenarios where the router has a forwarding path that is | |
752 | distinct from the kernel, commonly a hardware-based fast path. In | |
753 | these cases, the FIB needs to be maintained reliably in the fast path | |
754 | as well. We refer to the component that programs the forwarding plane | |
755 | (directly or indirectly) as the Forwarding Plane Manager or FPM. | |
756 | ||
757 | .. program:: configure | |
758 | ||
759 | The relevant zebra code kicks in when zebra is configured with the | |
760 | :option:`--enable-fpm` flag and started with the module (``-M fpm`` | |
761 | or ``-M dplane_fpm_nl``). | |
762 | ||
763 | .. note:: | |
764 | ||
765 | The ``fpm`` implementation attempts to connect to ``127.0.0.1`` port ``2620`` | |
766 | by default without configurations. The ``dplane_fpm_nl`` only attempts to | |
767 | connect to a server if configured. | |
768 | ||
769 | Zebra periodically attempts to connect to the well-known FPM port (``2620``). | |
770 | Once the connection is up, zebra starts sending messages containing routes | |
771 | over the socket to the FPM. Zebra sends a complete copy of the forwarding | |
772 | table to the FPM, including routes that it may have picked up from the kernel. | |
773 | The existing interaction of zebra with the kernel remains unchanged -- that | |
774 | is, the kernel continues to receive FIB updates as before. | |
775 | ||
776 | The default FPM message format is netlink, however it can be controlled | |
777 | with the module load-time option. The modules accept the following options: | |
778 | ||
779 | - ``fpm``: ``netlink`` and ``protobuf``. | |
780 | - ``dplane_fpm_nl``: none, it only implements netlink. | |
781 | ||
782 | The zebra FPM interface uses replace semantics. That is, if a 'route | |
783 | add' message for a prefix is followed by another 'route add' message, | |
784 | the information in the second message is complete by itself, and | |
785 | replaces the information sent in the first message. | |
786 | ||
787 | If the connection to the FPM goes down for some reason, zebra sends | |
788 | the FPM a complete copy of the forwarding table(s) when it reconnects. | |
789 | ||
790 | For more details on the implementation, please read the developer's manual FPM | |
791 | section. | |
792 | ||
793 | FPM Commands | |
794 | ============ | |
795 | ||
796 | ``fpm`` implementation | |
797 | ---------------------- | |
798 | ||
799 | .. index:: fpm connection ip A.B.C.D port (1-65535) | |
800 | .. clicmd:: fpm connection ip A.B.C.D port (1-65535) | |
801 | ||
802 | Configure ``zebra`` to connect to a different FPM server than | |
803 | ``127.0.0.1`` port ``2620``. | |
804 | ||
805 | ||
806 | .. index:: no fpm connection ip A.B.C.D port (1-65535) | |
807 | .. clicmd:: no fpm connection ip A.B.C.D port (1-65535) | |
808 | ||
809 | Configure ``zebra`` to connect to the default FPM server at ``127.0.0.1`` | |
810 | port ``2620``. | |
811 | ||
812 | ||
813 | .. index:: show zebra fpm stats | |
814 | .. clicmd:: show zebra fpm stats | |
815 | ||
816 | Shows the FPM statistics. | |
817 | ||
818 | Sample output: | |
819 | ||
820 | :: | |
821 | ||
822 | Counter Total Last 10 secs | |
823 | ||
824 | connect_calls 3 2 | |
825 | connect_no_sock 0 0 | |
826 | read_cb_calls 2 2 | |
827 | write_cb_calls 2 0 | |
828 | write_calls 1 0 | |
829 | partial_writes 0 0 | |
830 | max_writes_hit 0 0 | |
831 | t_write_yields 0 0 | |
832 | nop_deletes_skipped 6 0 | |
833 | route_adds 5 0 | |
834 | route_dels 0 0 | |
835 | updates_triggered 11 0 | |
836 | redundant_triggers 0 0 | |
837 | dests_del_after_update 0 0 | |
838 | t_conn_down_starts 0 0 | |
839 | t_conn_down_dests_processed 0 0 | |
840 | t_conn_down_yields 0 0 | |
841 | t_conn_down_finishes 0 0 | |
842 | t_conn_up_starts 1 0 | |
843 | t_conn_up_dests_processed 11 0 | |
844 | t_conn_up_yields 0 0 | |
845 | t_conn_up_aborts 0 0 | |
846 | t_conn_up_finishes 1 0 | |
847 | ||
848 | ||
849 | .. index:: clear zebra fpm stats | |
850 | .. clicmd:: clear zebra fpm stats | |
851 | ||
852 | Reset statistics related to the zebra code that interacts with the | |
853 | optional Forwarding Plane Manager (FPM) component. | |
854 | ||
855 | ||
856 | ``dplane_fpm_nl`` implementation | |
857 | -------------------------------- | |
858 | ||
859 | .. index:: fpm address <A.B.C.D|X:X::X:X> [port (1-65535)] | |
860 | .. clicmd:: fpm address <A.B.C.D|X:X::X:X> [port (1-65535)] | |
861 | ||
862 | Configures the FPM server address. Once configured ``zebra`` will attempt | |
863 | to connect to it immediately. | |
864 | ||
865 | ||
866 | .. index:: no fpm address [<A.B.C.D|X:X::X:X> [port (1-65535)]] | |
867 | .. clicmd:: no fpm address [<A.B.C.D|X:X::X:X> [port (1-65535)]] | |
868 | ||
869 | Disables FPM entirely. ``zebra`` will close any current connections and | |
870 | will not attempt to connect to it anymore. | |
871 | ||
872 | ||
873 | .. index:: fpm use-next-hop-groups | |
874 | .. clicmd:: fpm use-next-hop-groups | |
875 | ||
876 | Use the new netlink messages ``RTM_NEWNEXTHOP`` / ``RTM_DELNEXTHOP`` to | |
877 | group repeated route next hop information. | |
878 | ||
879 | ||
880 | .. index:: no fpm use-next-hop-groups | |
881 | .. clicmd:: no fpm use-next-hop-groups | |
882 | ||
883 | Use the old known FPM behavior of including next hop information in the | |
884 | route (e.g. ``RTM_NEWROUTE``) messages. | |
885 | ||
886 | ||
887 | .. index:: show fpm counters [json] | |
888 | .. clicmd:: show fpm counters [json] | |
889 | ||
890 | Show the FPM statistics (plain text or JSON formatted). | |
891 | ||
892 | Sample output: | |
893 | ||
894 | :: | |
895 | ||
896 | FPM counters | |
897 | ============ | |
898 | Input bytes: 0 | |
899 | Output bytes: 308 | |
900 | Output buffer current size: 0 | |
901 | Output buffer peak size: 308 | |
902 | Connection closes: 0 | |
903 | Connection errors: 0 | |
904 | Data plane items processed: 0 | |
905 | Data plane items enqueued: 0 | |
906 | Data plane items queue peak: 0 | |
907 | Buffer full hits: 0 | |
908 | User FPM configurations: 1 | |
909 | User FPM disable requests: 0 | |
910 | ||
911 | ||
912 | .. index:: clear fpm counters | |
913 | .. clicmd:: clear fpm counters | |
914 | ||
915 | Reset statistics related to the zebra code that interacts with the | |
916 | optional Forwarding Plane Manager (FPM) component. | |
917 | ||
918 | ||
919 | .. _zebra-dplane: | |
920 | ||
921 | Dataplane Commands | |
922 | ================== | |
923 | ||
924 | The zebra dataplane subsystem provides a framework for FIB | |
925 | programming. Zebra uses the dataplane to program the local kernel as | |
926 | it makes changes to objects such as IP routes, MPLS LSPs, and | |
927 | interface IP addresses. The dataplane runs in its own pthread, in | |
928 | order to off-load work from the main zebra pthread. | |
929 | ||
930 | ||
931 | .. index:: show zebra dplane [detailed] | |
932 | .. clicmd:: show zebra dplane [detailed] | |
933 | ||
934 | Display statistics about the updates and events passing through the | |
935 | dataplane subsystem. | |
936 | ||
937 | ||
938 | .. index:: show zebra dplane providers | |
939 | .. clicmd:: show zebra dplane providers | |
940 | ||
941 | Display information about the running dataplane plugins that are | |
942 | providing updates to a FIB. By default, the local kernel plugin is | |
943 | present. | |
944 | ||
945 | ||
946 | .. index:: zebra dplane limit [NUMBER] | |
947 | .. clicmd:: zebra dplane limit [NUMBER] | |
948 | ||
949 | Configure the limit on the number of pending updates that are | |
950 | waiting to be processed by the dataplane pthread. | |
951 | ||
952 | ||
953 | zebra Terminal Mode Commands | |
954 | ============================ | |
955 | ||
956 | .. index:: show ip route | |
957 | .. clicmd:: show ip route | |
958 | ||
959 | Display current routes which zebra holds in its database. | |
960 | ||
961 | :: | |
962 | ||
963 | Router# show ip route | |
964 | Codes: K - kernel route, C - connected, S - static, R - RIP, | |
965 | B - BGP * - FIB route. | |
966 | ||
967 | K* 0.0.0.0/0 203.181.89.241 | |
968 | S 0.0.0.0/0 203.181.89.1 | |
969 | C* 127.0.0.0/8 lo | |
970 | C* 203.181.89.240/28 eth0 | |
971 | ||
972 | ||
973 | .. index:: show ipv6 route | |
974 | .. clicmd:: show ipv6 route | |
975 | ||
976 | .. index:: show [ip|ipv6] route [PREFIX] [nexthop-group] | |
977 | .. clicmd:: show [ip|ipv6] route [PREFIX] [nexthop-group] | |
978 | ||
979 | Display detailed information about a route. If [nexthop-group] is | |
980 | included, it will display the nexthop group ID the route is using as well. | |
981 | ||
982 | .. index:: show interface [NAME] [{vrf VRF|brief}] [nexthop-group] | |
983 | .. clicmd:: show interface [NAME] [{vrf VRF|brief}] [nexthop-group] | |
984 | ||
985 | .. index:: show interface [NAME] [{vrf all|brief}] [nexthop-group] | |
986 | .. clicmd:: show interface [NAME] [{vrf all|brief}] [nexthop-group] | |
987 | ||
988 | Display interface information. If no extra information is added, it will | |
989 | dump information on all interfaces. If [NAME] is specified, it will display | |
990 | detailed information about that single interface. If [nexthop-group] is | |
991 | specified, it will display nexthop groups pointing out that interface. | |
992 | ||
993 | .. index:: show ip prefix-list [NAME] | |
994 | .. clicmd:: show ip prefix-list [NAME] | |
995 | ||
996 | .. index:: show route-map [NAME] | |
997 | .. clicmd:: show route-map [NAME] | |
998 | ||
999 | .. index:: show ip protocol | |
1000 | .. clicmd:: show ip protocol | |
1001 | ||
1002 | .. index:: show ip forward | |
1003 | .. clicmd:: show ip forward | |
1004 | ||
1005 | Display whether the host's IP forwarding function is enabled or not. | |
1006 | Almost any UNIX kernel can be configured with IP forwarding disabled. | |
1007 | If so, the box can't work as a router. | |
1008 | ||
1009 | .. index:: show ipv6 forward | |
1010 | .. clicmd:: show ipv6 forward | |
1011 | ||
1012 | Display whether the host's IP v6 forwarding is enabled or not. | |
1013 | ||
1014 | .. index:: show zebra | |
1015 | .. clicmd:: show zebra | |
1016 | ||
1017 | Display various statistics related to the installation and deletion | |
1018 | of routes, neighbor updates, and LSP's into the kernel. | |
1019 | ||
1020 | .. index:: show zebra client [summary] | |
1021 | .. clicmd:: show zebra client [summary] | |
1022 | ||
1023 | Display statistics about clients that are connected to zebra. This is | |
1024 | useful for debugging and seeing how much data is being passed between | |
1025 | zebra and it's clients. If the summary form of the command is choosen | |
1026 | a table is displayed with shortened information. | |
1027 | ||
1028 | .. index:: show zebra router table summary | |
1029 | .. clicmd:: show zebra router table summary | |
1030 | ||
1031 | Display summarized data about tables created, their afi/safi/tableid | |
1032 | and how many routes each table contains. Please note this is the | |
1033 | total number of route nodes in the table. Which will be higher than | |
1034 | the actual number of routes that are held. | |
1035 | ||
1036 | .. index:: show nexthop-group rib [ID] [vrf NAME] [singleton [ip|ip6]] | |
1037 | .. clicmd:: show nexthop-group rib [ID] [vrf NAME] | |
1038 | ||
1039 | Display nexthop groups created by zebra. The [vrf NAME] option | |
1040 | is only meaningful if you have started zebra with the --vrfwnetns | |
1041 | option as that nexthop groups are per namespace in linux. | |
1042 | If you specify singleton you would like to see the singleton | |
1043 | nexthop groups that do have an afi. | |
1044 | ||
1045 | ||
1046 | Router-id | |
1047 | ========= | |
1048 | ||
1049 | Many routing protocols require a router-id to be configured. To have a | |
1050 | consistent router-id across all daemons, the following commands are available | |
1051 | to configure and display the router-id: | |
1052 | ||
1053 | .. index:: [no] [ip] router-id A.B.C.D | |
1054 | .. clicmd:: [no] [ip] router-id A.B.C.D | |
1055 | ||
1056 | Allow entering of the router-id. This command also works under the | |
1057 | vrf subnode, to allow router-id's per vrf. | |
1058 | ||
1059 | .. index:: [no] [ip] router-id A.B.C.D vrf NAME | |
1060 | .. clicmd:: [no] [ip] router-id A.B.C.D vrf NAME | |
1061 | ||
1062 | Configure the router-id of this router from the configure NODE. | |
1063 | A show run of this command will display the router-id command | |
1064 | under the vrf sub node. This command is deprecated and will | |
1065 | be removed at some point in time in the future. | |
1066 | ||
1067 | .. index:: show [ip] router-id [vrf NAME] | |
1068 | .. clicmd:: show [ip] router-id [vrf NAME] | |
1069 | ||
1070 | Display the user configured router-id. | |
1071 | ||
1072 | For protocols requiring an IPv6 router-id, the following commands are available: | |
1073 | ||
1074 | .. index:: [no] ipv6 router-id X:X::X:X | |
1075 | .. clicmd:: [no] ipv6 router-id X:X::X:X | |
1076 | ||
1077 | Configure the IPv6 router-id of this router. Like its IPv4 counterpart, | |
1078 | this command works under the vrf subnode, to allow router-id's per vrf. | |
1079 | ||
1080 | .. index:: show ipv6 router-id [vrf NAME] | |
1081 | .. clicmd:: show ipv6 router-id [vrf NAME] | |
1082 | ||
1083 | Display the user configured IPv6 router-id. |