]> git.proxmox.com Git - mirror_frr.git/blame_incremental - doc/user/zebra.rst
projects / mirror_frr.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Merge pull request #7306 from donaldsharp/bgp_dest_print
[mirror_frr.git] / doc / user / zebra.rst
... / ...
CommitLineData
1.. _zebra:
2
3*****
4Zebra
5*****
6
7*zebra* is an IP routing manager. It provides kernel routing
8table updates, interface lookups, and redistribution of routes between
9different routing protocols.
10
11.. _invoking-zebra:
12
13Invoking zebra
14==============
15
16Besides the common invocation options (:ref:`common-invocation-options`), the
17*zebra* specific invocation options are listed below.
18
19.. program:: zebra
20
21.. option:: -b, --batch
22
23 Runs in batch mode. *zebra* parses configuration file and terminates
24 immediately.
25
26.. option:: -K TIME, --graceful_restart TIME
27
28 If this option is specified, the graceful restart time is TIME seconds.
29 Zebra, when started, will read in routes. Those routes that Zebra
30 identifies that it was the originator of will be swept in TIME seconds.
31 If no time is specified then we will sweep those routes immediately.
32
33.. option:: -r, --retain
34
35 When program terminates, do not flush routes installed by *zebra* from the
36 kernel.
37
38.. option:: -e X, --ecmp X
39
40 Run zebra with a limited ecmp ability compared to what it is compiled to.
41 If you are running zebra on hardware limited functionality you can
42 force zebra to limit the maximum ecmp allowed to X. This number
43 is bounded by what you compiled FRR with as the maximum number.
44
45.. option:: -n, --vrfwnetns
46
47 When *Zebra* starts with this option, the VRF backend is based on Linux
48 network namespaces. That implies that all network namespaces discovered by
49 ZEBRA will create an associated VRF. The other daemons will operate on the VRF
50 VRF defined by *Zebra*, as usual.
51
52 .. seealso:: :ref:`zebra-vrf`
53
54.. option:: -o, --vrfdefaultname
55
56 When *Zebra* starts with this option, the default VRF name is changed to the
57 parameter.
58
59 .. seealso:: :ref:`zebra-vrf`
60
61.. option:: -z <path_to_socket>, --socket <path_to_socket>
62
63 If this option is supplied on the cli, the path to the zebra
64 control socket(zapi), is used. This option overrides a -N <namespace>
65 option if handed to it on the cli.
66
67.. option:: --v6-rr-semantics
68
69 The linux kernel is receiving the ability to use the same route
70 replacement semantics for v6 that v4 uses. If you are using a
71 kernel that supports this functionality then run *Zebra* with this
72 option and we will use Route Replace Semantics instead of delete
73 than add.
74
75.. _interface-commands:
76
77Configuration Addresses behaviour
78=================================
79
80At startup, *Zebra* will first discover the underlying networking objects
81from the operating system. This includes interfaces, addresses of
82interfaces, static routes, etc. Then, it will read the configuration
83file, including its own interface addresses, static routes, etc. All this
84information comprises the operational context from *Zebra*. But
85configuration context from *Zebra* will remain the same as the one from
86:file:`zebra.conf` config file. As an example, executing the following
87:clicmd:`show running-config` will reflect what was in :file:`zebra.conf`.
88In a similar way, networking objects that are configured outside of the
89*Zebra* like *iproute2* will not impact the configuration context from
90*Zebra*. This behaviour permits you to continue saving your own config
91file, and decide what is really to be pushed on the config file, and what
92is dependent on the underlying system.
93Note that inversely, from *Zebra*, you will not be able to delete networking
94objects that were previously configured outside of *Zebra*.
95
96
97Interface Commands
98==================
99
100.. _standard-commands:
101
102Standard Commands
103-----------------
104
105.. index:: interface IFNAME
106
107.. clicmd:: interface IFNAME
108
109.. index:: interface IFNAME vrf VRF
110
111.. clicmd:: interface IFNAME vrf VRF
112
113.. index:: shutdown
114
115.. clicmd:: shutdown
116.. index:: no shutdown
117
118.. clicmd:: no shutdown
119
120 Up or down the current interface.
121
122.. index:: ip address ADDRESS/PREFIX
123
124.. clicmd:: ip address ADDRESS/PREFIX
125.. index:: ipv6 address ADDRESS/PREFIX
126
127.. clicmd:: ipv6 address ADDRESS/PREFIX
128.. index:: no ip address ADDRESS/PREFIX
129
130.. clicmd:: no ip address ADDRESS/PREFIX
131.. index:: no ipv6 address ADDRESS/PREFIX
132
133.. clicmd:: no ipv6 address ADDRESS/PREFIX
134
135 Set the IPv4 or IPv6 address/prefix for the interface.
136
137.. index:: ip address LOCAL-ADDR peer PEER-ADDR/PREFIX
138
139.. clicmd:: ip address LOCAL-ADDR peer PEER-ADDR/PREFIX
140.. index:: no ip address LOCAL-ADDR peer PEER-ADDR/PREFIX
141
142.. clicmd:: no ip address LOCAL-ADDR peer PEER-ADDR/PREFIX
143
144 Configure an IPv4 Point-to-Point address on the interface. (The concept of
145 PtP addressing does not exist for IPv6.)
146
147 `local-addr` has no subnet mask since the local side in PtP addressing is
148 always a single (/32) address. `peer-addr/prefix` can be an arbitrary subnet
149 behind the other end of the link (or even on the link in Point-to-Multipoint
150 setups), though generally /32s are used.
151
152.. index:: description DESCRIPTION ...
153
154.. clicmd:: description DESCRIPTION ...
155
156 Set description for the interface.
157
158.. index:: multicast
159
160.. clicmd:: multicast
161.. index:: no multicast
162
163.. clicmd:: no multicast
164
165 Enable or disables multicast flag for the interface.
166
167.. index:: bandwidth (1-10000000)
168
169.. clicmd:: bandwidth (1-10000000)
170.. index:: no bandwidth (1-10000000)
171
172.. clicmd:: no bandwidth (1-10000000)
173
174 Set bandwidth value of the interface in kilobits/sec. This is for
175 calculating OSPF cost. This command does not affect the actual device
176 configuration.
177
178.. index:: link-detect
179
180.. clicmd:: link-detect
181.. index:: no link-detect
182
183.. clicmd:: no link-detect
184
185 Enable/disable link-detect on platforms which support this. Currently only
186 Linux, and only where network interface drivers support reporting
187 link-state via the ``IFF_RUNNING`` flag.
188
189 In FRR, link-detect is on by default.
190
191.. _link-parameters-commands:
192
193Link Parameters Commands
194------------------------
195
196.. note::
197
198 At this time, FRR offers partial support for some of the routing
199 protocol extensions that can be used with MPLS-TE. FRR does not
200 support a complete RSVP-TE solution currently.
201
202.. index:: link-params
203.. clicmd:: link-params
204
205.. index:: no link-param
206.. clicmd:: no link-param
207
208 Enter into the link parameters sub node. At least 'enable' must be
209 set to activate the link parameters, and consequently routing
210 information that could be used as part of Traffic Engineering on
211 this interface. MPLS-TE must be enable at the OSPF
212 (:ref:`ospf-traffic-engineering`) or ISIS
213 (:ref:`isis-traffic-engineering`) router level in complement to
214 this. Disable link parameters for this interface.
215
216 Under link parameter statement, the following commands set the different TE values:
217
218.. index:: link-params [enable]
219.. clicmd:: link-params [enable]
220
221 Enable link parameters for this interface.
222
223.. index:: link-params [metric (0-4294967295)]
224.. clicmd:: link-params [metric (0-4294967295)]
225
226.. index:: link-params max-bw BANDWIDTH
227.. clicmd:: link-params max-bw BANDWIDTH
228
229.. index:: link-params max-rsv-bw BANDWIDTH
230.. clicmd:: link-params max-rsv-bw BANDWIDTH
231
232.. index:: link-params unrsv-bw (0-7) BANDWIDTH
233.. clicmd:: link-params unrsv-bw (0-7) BANDWIDTH
234
235.. index:: link-params admin-grp BANDWIDTH
236.. clicmd:: link-params admin-grp BANDWIDTH
237
238 These commands specifies the Traffic Engineering parameters of the interface
239 in conformity to RFC3630 (OSPF) or RFC5305 (ISIS). There are respectively
240 the TE Metric (different from the OSPF or ISIS metric), Maximum Bandwidth
241 (interface speed by default), Maximum Reservable Bandwidth, Unreserved
242 Bandwidth for each 0-7 priority and Admin Group (ISIS) or Resource
243 Class/Color (OSPF).
244
245 Note that BANDIWDTH is specified in IEEE floating point format and express
246 in Bytes/second.
247
248.. index:: link-param delay (0-16777215) [min (0-16777215) | max (0-16777215)]
249.. clicmd:: link-param delay (0-16777215) [min (0-16777215) | max (0-16777215)]
250
251.. index:: link-param delay-variation (0-16777215)
252.. clicmd:: link-param delay-variation (0-16777215)
253
254.. index:: link-param packet-loss PERCENTAGE
255.. clicmd:: link-param packet-loss PERCENTAGE
256
257.. index:: link-param res-bw BANDWIDTH
258.. clicmd:: link-param res-bw BANDWIDTH
259
260.. index:: link-param ava-bw BANDWIDTH
261.. clicmd:: link-param ava-bw BANDWIDTH
262
263.. index:: link-param use-bw BANDWIDTH
264.. clicmd:: link-param use-bw BANDWIDTH
265
266 These command specifies additional Traffic Engineering parameters of the
267 interface in conformity to draft-ietf-ospf-te-metrics-extension-05.txt and
268 draft-ietf-isis-te-metrics-extension-03.txt. There are respectively the
269 delay, jitter, loss, available bandwidth, reservable bandwidth and utilized
270 bandwidth.
271
272 Note that BANDWIDTH is specified in IEEE floating point format and express
273 in Bytes/second. Delays and delay variation are express in micro-second
274 (µs). Loss is specified in PERCENTAGE ranging from 0 to 50.331642% by step
275 of 0.000003.
276
277.. index:: link-param neighbor <A.B.C.D> as (0-65535)
278.. clicmd:: link-param neighbor <A.B.C.D> as (0-65535)
279
280.. index:: link-param no neighbor
281.. clicmd:: link-param no neighbor
282
283 Specifies the remote ASBR IP address and Autonomous System (AS) number
284 for InterASv2 link in OSPF (RFC5392). Note that this option is not yet
285 supported for ISIS (RFC5316).
286
287.. index:: ip nht resolve-via-default
288.. clicmd:: ip nht resolve-via-default
289
290 Allows nexthop tracking to resolve via the default route. This is useful
291 when e.g. you want to allow BGP to peer across the default route.
292
293.. _zebra-vrf:
294
295Administrative Distance
296=======================
297
298Administrative distance allows FRR to make decisions about what routes
299should be installed in the rib based upon the originating protocol.
300The lowest Admin Distance is the route selected. This is purely a
301subjective decision about ordering and care has been taken to choose
302the same distances that other routing suites have choosen.
303
304+------------+-----------+
305| Protocol | Distance |
306+------------+-----------+
307| System | 0 |
308+------------+-----------+
309| Kernel | 0 |
310+------------+-----------+
311| Connect | 0 |
312+------------+-----------+
313| Static | 1 |
314+------------+-----------+
315| NHRP | 10 |
316+------------+-----------+
317| EBGP | 20 |
318+------------+-----------+
319| EIGRP | 90 |
320+------------+-----------+
321| BABEL | 100 |
322+------------+-----------+
323| OSPF | 110 |
324+------------+-----------+
325| ISIS | 115 |
326+------------+-----------+
327| OPENFABRIC | 115 |
328+------------+-----------+
329| RIP | 120 |
330+------------+-----------+
331| Table | 150 |
332+------------+-----------+
333| SHARP | 150 |
334+------------+-----------+
335| IBGP | 200 |
336+------------+-----------+
337| PBR | 200 |
338+------------+-----------+
339
340An admin distance of 255 indicates to Zebra that the route should not be
341installed into the Data Plane. Additionally routes with an admin distance
342of 255 will not be redistributed.
343
344Zebra does treat Kernel routes as special case for the purposes of Admin
345Distance. Upon learning about a route that is not originated by FRR
346we read the metric value as a uint32_t. The top byte of the value
347is interpreted as the Administrative Distance and the low three bytes
348are read in as the metric. This special case is to facilitate VRF
349default routes.
350
351Virtual Routing and Forwarding
352==============================
353
354FRR supports :abbr:`VRF (Virtual Routing and Forwarding)`. VRF is a way to
355separate networking contexts on the same machine. Those networking contexts are
356associated with separate interfaces, thus making it possible to associate one
357interface with a specific VRF.
358
359VRF can be used, for example, when instantiating per enterprise networking
360services, without having to instantiate the physical host machine or the
361routing management daemons for each enterprise. As a result, interfaces are
362separate for each set of VRF, and routing daemons can have their own context
363for each VRF.
364
365This conceptual view introduces the *Default VRF* case. If the user does not
366configure any specific VRF, then by default, FRR uses the *Default VRF*.
367
368Configuring VRF networking contexts can be done in various ways on FRR. The VRF
369interfaces can be configured by entering in interface configuration mode
370:clicmd:`interface IFNAME vrf VRF`.
371
372A VRF backend mode is chosen when running *Zebra*.
373
374If no option is chosen, then the *Linux VRF* implementation as references in
375https://www.kernel.org/doc/Documentation/networking/vrf.txt will be mapped over
376the *Zebra* VRF. The routing table associated to that VRF is a Linux table
377identifier located in the same *Linux network namespace* where *Zebra* started.
378
379If the :option:`-n` option is chosen, then the *Linux network namespace* will
380be mapped over the *Zebra* VRF. That implies that *Zebra* is able to configure
381several *Linux network namespaces*. The routing table associated to that VRF
382is the whole routing tables located in that namespace. For instance, this mode
383matches OpenStack Network Namespaces. It matches also OpenFastPath. The default
384behavior remains Linux VRF which is supported by the Linux kernel community,
385see https://www.kernel.org/doc/Documentation/networking/vrf.txt.
386
387Because of that difference, there are some subtle differences when running some
388commands in relationship to VRF. Here is an extract of some of those commands:
389
390.. index:: vrf VRF
391.. clicmd:: vrf VRF
392
393 This command is available on configuration mode. By default, above command
394 permits accessing the VRF configuration mode. This mode is available for
395 both VRFs. It is to be noted that *Zebra* does not create Linux VRF.
396 The network administrator can however decide to provision this command in
397 configuration file to provide more clarity about the intended configuration.
398
399.. index:: netns NAMESPACE
400.. clicmd:: netns NAMESPACE
401
402 This command is based on VRF configuration mode. This command is available
403 when *Zebra* is run in :option:`-n` mode. This command reflects which *Linux
404 network namespace* is to be mapped with *Zebra* VRF. It is to be noted that
405 *Zebra* creates and detects added/suppressed VRFs from the Linux environment
406 (in fact, those managed with iproute2). The network administrator can however
407 decide to provision this command in configuration file to provide more clarity
408 about the intended configuration.
409
410.. index:: show ip route vrf VRF
411.. clicmd:: show ip route vrf VRF
412
413 The show command permits dumping the routing table associated to the VRF. If
414 *Zebra* is launched with default settings, this will be the ``TABLENO`` of
415 the VRF configured on the kernel, thanks to information provided in
416 https://www.kernel.org/doc/Documentation/networking/vrf.txt. If *Zebra* is
417 launched with :option:`-n` option, this will be the default routing table of
418 the *Linux network namespace* ``VRF``.
419
420.. index:: show ip route vrf VRF table TABLENO
421.. clicmd:: show ip route vrf VRF table TABLENO
422
423 The show command is only available with :option:`-n` option. This command
424 will dump the routing table ``TABLENO`` of the *Linux network namespace*
425 ``VRF``.
426
427.. index:: show ip route vrf VRF tables
428.. clicmd:: show ip route vrf VRF tables
429
430 This command will dump the routing tables within the vrf scope. If `vrf all`
431 is executed, all routing tables will be dumped.
432
433.. index:: show <ip|ipv6> route summary [vrf VRF] [table TABLENO] [prefix]
434.. clicmd:: show <ip|ipv6> route summary [vrf VRF] [table TABLENO] [prefix]
435
436 This command will dump a summary output of the specified VRF and TABLENO
437 combination. If neither VRF or TABLENO is specified FRR defaults to
438 the default vrf and default table. If prefix is specified dump the
439 number of prefix routes.
440
441By using the :option:`-n` option, the *Linux network namespace* will be mapped
442over the *Zebra* VRF. One nice feature that is possible by handling *Linux
443network namespace* is the ability to name default VRF. At startup, *Zebra*
444discovers the available *Linux network namespace* by parsing folder
445`/var/run/netns`. Each file stands for a *Linux network namespace*, but not all
446*Linux network namespaces* are available under that folder. This is the case for
447default VRF. It is possible to name the default VRF, by creating a file, by
448executing following commands.
449
450.. code-block:: shell
451
452 touch /var/run/netns/vrf0
453 mount --bind /proc/self/ns/net /var/run/netns/vrf0
454
455Above command illustrates what happens when the default VRF is visible under
456`var/run/netns/`. Here, the default VRF file is `vrf0`.
457At startup, FRR detects the presence of that file. It detects that the file
458statistics information matches the same file statistics information as
459`/proc/self/ns/net` ( through stat() function). As statistics information
460matches, then `vrf0` stands for the new default namespace name.
461Consequently, the VRF naming `Default` will be overridden by the new discovered
462namespace name `vrf0`.
463
464For those who don't use VRF backend with *Linux network namespace*, it is
465possible to statically configure and recompile FRR. It is possible to choose an
466alternate name for default VRF. Then, the default VRF naming will automatically
467be updated with the new name. To illustrate, if you want to recompile with
468`global` value, use the following command:
469
470.. code-block:: shell
471
472 ./configure --with-defaultvrfname=global
473
474.. _zebra-mpls:
475
476MPLS Commands
477=============
478
479You can configure static mpls entries in zebra. Basically, handling MPLS
480consists of popping, swapping or pushing labels to IP packets.
481
482MPLS Acronyms
483-------------
484
485:abbr:`LSR (Labeled Switch Router)`
486 Networking devices handling labels used to forward traffic between and through
487 them.
488
489:abbr:`LER (Labeled Edge Router)`
490 A Labeled edge router is located at the edge of an MPLS network, generally
491 between an IP network and an MPLS network.
492
493MPLS Push Action
494----------------
495
496The push action is generally used for LER devices, which want to encapsulate
497all traffic for a wished destination into an MPLS label. This action is stored
498in routing entry, and can be configured like a route:
499
500.. index:: [no] ip route NETWORK MASK GATEWAY|INTERFACE label LABEL
501.. clicmd:: [no] ip route NETWORK MASK GATEWAY|INTERFACE label LABEL
502
503 NETWORK and MASK stand for the IP prefix entry to be added as static
504 route entry.
505 GATEWAY is the gateway IP address to reach, in order to reach the prefix.
506 INTERFACE is the interface behind which the prefix is located.
507 LABEL is the MPLS label to use to reach the prefix abovementioned.
508
509 You can check that the static entry is stored in the zebra RIB database, by
510 looking at the presence of the entry.
511
512 ::
513
514 zebra(configure)# ip route 1.1.1.1/32 10.0.1.1 label 777
515 zebra# show ip route
516 Codes: K - kernel route, C - connected, S - static, R - RIP,
517 O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
518 T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
519 F - PBR,
520 > - selected route, * - FIB route
521
522 S>* 1.1.1.1/32 [1/0] via 10.0.1.1, r2-eth0, label 777, 00:39:42
523
524MPLS Swap and Pop Action
525------------------------
526
527The swap action is generally used for LSR devices, which swap a packet with a
528label, with an other label. The Pop action is used on LER devices, at the
529termination of the MPLS traffic; this is used to remove MPLS header.
530
531.. index:: [no] mpls lsp INCOMING_LABEL GATEWAY OUTGOING_LABEL|explicit-null|implicit-null
532.. clicmd:: [no] mpls lsp INCOMING_LABEL GATEWAY OUTGOING_LABEL|explicit-null|implicit-null
533
534 INCOMING_LABEL and OUTGOING_LABEL are MPLS labels with values ranging from 16
535 to 1048575.
536 GATEWAY is the gateway IP address where to send MPLS packet.
537 The outgoing label can either be a value or have an explicit-null label header. This
538 specific header can be read by IP devices. The incoming label can also be removed; in
539 that case the implicit-null keyword is used, and the outgoing packet emitted is an IP
540 packet without MPLS header.
541
542You can check that the MPLS actions are stored in the zebra MPLS table, by looking at the
543presence of the entry.
544
545.. index:: show mpls table
546.. clicmd:: show mpls table
547
548::
549
550 zebra(configure)# mpls lsp 18 10.125.0.2 implicit-null
551 zebra(configure)# mpls lsp 19 10.125.0.2 20
552 zebra(configure)# mpls lsp 21 10.125.0.2 explicit-null
553 zebra# show mpls table
554 Inbound Outbound
555 Label Type Nexthop Label
556 -------- ------- --------------- --------
557 18 Static 10.125.0.2 implicit-null
558 19 Static 10.125.0.2 20
559 21 Static 10.125.0.2 IPv4 Explicit Null
560
561
562.. _multicast-rib-commands:
563
564Multicast RIB Commands
565======================
566
567The Multicast RIB provides a separate table of unicast destinations which
568is used for Multicast Reverse Path Forwarding decisions. It is used with
569a multicast source's IP address, hence contains not multicast group
570addresses but unicast addresses.
571
572This table is fully separate from the default unicast table. However,
573RPF lookup can include the unicast table.
574
575WARNING: RPF lookup results are non-responsive in this version of FRR,
576i.e. multicast routing does not actively react to changes in underlying
577unicast topology!
578
579.. index:: ip multicast rpf-lookup-mode MODE
580.. clicmd:: ip multicast rpf-lookup-mode MODE
581
582.. index:: no ip multicast rpf-lookup-mode [MODE]
583.. clicmd:: no ip multicast rpf-lookup-mode [MODE]
584
585 MODE sets the method used to perform RPF lookups. Supported modes:
586
587 urib-only
588 Performs the lookup on the Unicast RIB. The Multicast RIB is never used.
589
590 mrib-only
591 Performs the lookup on the Multicast RIB. The Unicast RIB is never used.
592
593 mrib-then-urib
594 Tries to perform the lookup on the Multicast RIB. If any route is found,
595 that route is used. Otherwise, the Unicast RIB is tried.
596
597 lower-distance
598 Performs a lookup on the Multicast RIB and Unicast RIB each. The result
599 with the lower administrative distance is used; if they're equal, the
600 Multicast RIB takes precedence.
601
602 longer-prefix
603 Performs a lookup on the Multicast RIB and Unicast RIB each. The result
604 with the longer prefix length is used; if they're equal, the
605 Multicast RIB takes precedence.
606
607 The `mrib-then-urib` setting is the default behavior if nothing is
608 configured. If this is the desired behavior, it should be explicitly
609 configured to make the configuration immune against possible changes in
610 what the default behavior is.
611
612.. warning::
613 Unreachable routes do not receive special treatment and do not cause
614 fallback to a second lookup.
615
616.. index:: show ip rpf ADDR
617.. clicmd:: show ip rpf ADDR
618
619 Performs a Multicast RPF lookup, as configured with ``ip multicast
620 rpf-lookup-mode MODE``. ADDR specifies the multicast source address to look
621 up.
622
623 ::
624
625 > show ip rpf 192.0.2.1
626 Routing entry for 192.0.2.0/24 using Unicast RIB
627
628 Known via "kernel", distance 0, metric 0, best
629 * 198.51.100.1, via eth0
630
631
632 Indicates that a multicast source lookup for 192.0.2.1 would use an
633 Unicast RIB entry for 192.0.2.0/24 with a gateway of 198.51.100.1.
634
635.. index:: show ip rpf
636.. clicmd:: show ip rpf
637
638 Prints the entire Multicast RIB. Note that this is independent of the
639 configured RPF lookup mode, the Multicast RIB may be printed yet not
640 used at all.
641
642.. index:: ip mroute PREFIX NEXTHOP [DISTANCE]
643.. clicmd:: ip mroute PREFIX NEXTHOP [DISTANCE]
644
645.. index:: no ip mroute PREFIX NEXTHOP [DISTANCE]
646.. clicmd:: no ip mroute PREFIX NEXTHOP [DISTANCE]
647
648 Adds a static route entry to the Multicast RIB. This performs exactly as the
649 ``ip route`` command, except that it inserts the route in the Multicast RIB
650 instead of the Unicast RIB.
651
652.. _zebra-route-filtering:
653
654zebra Route Filtering
655=====================
656
657Zebra supports :dfn:`prefix-list` s and :ref:`route-map` s to match routes
658received from other FRR components. The permit/deny facilities provided by
659these commands can be used to filter which routes zebra will install in the
660kernel.
661
662.. index:: ip protocol PROTOCOL route-map ROUTEMAP
663.. clicmd:: ip protocol PROTOCOL route-map ROUTEMAP
664
665 Apply a route-map filter to routes for the specified protocol. PROTOCOL can
666 be:
667
668 - any,
669 - babel,
670 - bgp,
671 - connected,
672 - eigrp,
673 - isis,
674 - kernel,
675 - nhrp,
676 - openfabric,
677 - ospf,
678 - ospf6,
679 - rip,
680 - sharp,
681 - static,
682 - ripng,
683 - table,
684 - vnc.
685
686 If you choose any as the option that will cause all protocols that are sending
687 routes to zebra. You can specify a :dfn:`ip protocol PROTOCOL route-map ROUTEMAP`
688 on a per vrf basis, by entering this command under vrf mode for the vrf you
689 want to apply the route-map against.
690
691.. index:: set src ADDRESS
692.. clicmd:: set src ADDRESS
693
694 Within a route-map, set the preferred source address for matching routes
695 when installing in the kernel.
696
697
698The following creates a prefix-list that matches all addresses, a route-map
699that sets the preferred source address, and applies the route-map to all
700*rip* routes.
701
702.. code-block:: frr
703
704 ip prefix-list ANY permit 0.0.0.0/0 le 32
705 route-map RM1 permit 10
706 match ip address prefix-list ANY
707 set src 10.0.0.1
708
709 ip protocol rip route-map RM1
710
711IPv6 example for OSPFv3.
712
713.. code-block:: frr
714
715 ipv6 prefix-list ANY seq 10 permit any
716 route-map RM6 permit 10
717 match ipv6 address prefix-list ANY
718 set src 2001:db8:425:1000::3
719
720 ipv6 protocol ospf6 route-map RM6
721
722
723.. note::
724
725 For both IPv4 and IPv6, the IP address has to exist at the point the
726 route-map is created. Be wary of race conditions if the interface is
727 not created at startup. On Debian, FRR might start before ifupdown
728 completes. Consider a reboot test.
729
730.. _zebra-fib-push-interface:
731
732zebra FIB push interface
733========================
734
735Zebra supports a 'FIB push' interface that allows an external
736component to learn the forwarding information computed by the FRR
737routing suite. This is a loadable module that needs to be enabled
738at startup as described in :ref:`loadable-module-support`.
739
740In FRR, the Routing Information Base (RIB) resides inside
741zebra. Routing protocols communicate their best routes to zebra, and
742zebra computes the best route across protocols for each prefix. This
743latter information makes up the Forwarding Information Base
744(FIB). Zebra feeds the FIB to the kernel, which allows the IP stack in
745the kernel to forward packets according to the routes computed by
746FRR. The kernel FIB is updated in an OS-specific way. For example,
747the `Netlink` interface is used on Linux, and route sockets are
748used on FreeBSD.
749
750The FIB push interface aims to provide a cross-platform mechanism to
751support scenarios where the router has a forwarding path that is
752distinct from the kernel, commonly a hardware-based fast path. In
753these cases, the FIB needs to be maintained reliably in the fast path
754as well. We refer to the component that programs the forwarding plane
755(directly or indirectly) as the Forwarding Plane Manager or FPM.
756
757.. program:: configure
758
759The relevant zebra code kicks in when zebra is configured with the
760:option:`--enable-fpm` flag and started with the module (``-M fpm``
761or ``-M dplane_fpm_nl``).
762
763.. note::
764
765 The ``fpm`` implementation attempts to connect to ``127.0.0.1`` port ``2620``
766 by default without configurations. The ``dplane_fpm_nl`` only attempts to
767 connect to a server if configured.
768
769Zebra periodically attempts to connect to the well-known FPM port (``2620``).
770Once the connection is up, zebra starts sending messages containing routes
771over the socket to the FPM. Zebra sends a complete copy of the forwarding
772table to the FPM, including routes that it may have picked up from the kernel.
773The existing interaction of zebra with the kernel remains unchanged -- that
774is, the kernel continues to receive FIB updates as before.
775
776The default FPM message format is netlink, however it can be controlled
777with the module load-time option. The modules accept the following options:
778
779- ``fpm``: ``netlink`` and ``protobuf``.
780- ``dplane_fpm_nl``: none, it only implements netlink.
781
782The zebra FPM interface uses replace semantics. That is, if a 'route
783add' message for a prefix is followed by another 'route add' message,
784the information in the second message is complete by itself, and
785replaces the information sent in the first message.
786
787If the connection to the FPM goes down for some reason, zebra sends
788the FPM a complete copy of the forwarding table(s) when it reconnects.
789
790For more details on the implementation, please read the developer's manual FPM
791section.
792
793FPM Commands
794============
795
796``fpm`` implementation
797----------------------
798
799.. index:: fpm connection ip A.B.C.D port (1-65535)
800.. clicmd:: fpm connection ip A.B.C.D port (1-65535)
801
802 Configure ``zebra`` to connect to a different FPM server than
803 ``127.0.0.1`` port ``2620``.
804
805
806.. index:: no fpm connection ip A.B.C.D port (1-65535)
807.. clicmd:: no fpm connection ip A.B.C.D port (1-65535)
808
809 Configure ``zebra`` to connect to the default FPM server at ``127.0.0.1``
810 port ``2620``.
811
812
813.. index:: show zebra fpm stats
814.. clicmd:: show zebra fpm stats
815
816 Shows the FPM statistics.
817
818 Sample output:
819
820 ::
821
822 Counter Total Last 10 secs
823
824 connect_calls 3 2
825 connect_no_sock 0 0
826 read_cb_calls 2 2
827 write_cb_calls 2 0
828 write_calls 1 0
829 partial_writes 0 0
830 max_writes_hit 0 0
831 t_write_yields 0 0
832 nop_deletes_skipped 6 0
833 route_adds 5 0
834 route_dels 0 0
835 updates_triggered 11 0
836 redundant_triggers 0 0
837 dests_del_after_update 0 0
838 t_conn_down_starts 0 0
839 t_conn_down_dests_processed 0 0
840 t_conn_down_yields 0 0
841 t_conn_down_finishes 0 0
842 t_conn_up_starts 1 0
843 t_conn_up_dests_processed 11 0
844 t_conn_up_yields 0 0
845 t_conn_up_aborts 0 0
846 t_conn_up_finishes 1 0
847
848
849.. index:: clear zebra fpm stats
850.. clicmd:: clear zebra fpm stats
851
852 Reset statistics related to the zebra code that interacts with the
853 optional Forwarding Plane Manager (FPM) component.
854
855
856``dplane_fpm_nl`` implementation
857--------------------------------
858
859.. index:: fpm address <A.B.C.D|X:X::X:X> [port (1-65535)]
860.. clicmd:: fpm address <A.B.C.D|X:X::X:X> [port (1-65535)]
861
862 Configures the FPM server address. Once configured ``zebra`` will attempt
863 to connect to it immediately.
864
865
866.. index:: no fpm address [<A.B.C.D|X:X::X:X> [port (1-65535)]]
867.. clicmd:: no fpm address [<A.B.C.D|X:X::X:X> [port (1-65535)]]
868
869 Disables FPM entirely. ``zebra`` will close any current connections and
870 will not attempt to connect to it anymore.
871
872
873.. index:: fpm use-next-hop-groups
874.. clicmd:: fpm use-next-hop-groups
875
876 Use the new netlink messages ``RTM_NEWNEXTHOP`` / ``RTM_DELNEXTHOP`` to
877 group repeated route next hop information.
878
879
880.. index:: no fpm use-next-hop-groups
881.. clicmd:: no fpm use-next-hop-groups
882
883 Use the old known FPM behavior of including next hop information in the
884 route (e.g. ``RTM_NEWROUTE``) messages.
885
886
887.. index:: show fpm counters [json]
888.. clicmd:: show fpm counters [json]
889
890 Show the FPM statistics (plain text or JSON formatted).
891
892 Sample output:
893
894 ::
895
896 FPM counters
897 ============
898 Input bytes: 0
899 Output bytes: 308
900 Output buffer current size: 0
901 Output buffer peak size: 308
902 Connection closes: 0
903 Connection errors: 0
904 Data plane items processed: 0
905 Data plane items enqueued: 0
906 Data plane items queue peak: 0
907 Buffer full hits: 0
908 User FPM configurations: 1
909 User FPM disable requests: 0
910
911
912.. index:: clear fpm counters
913.. clicmd:: clear fpm counters
914
915 Reset statistics related to the zebra code that interacts with the
916 optional Forwarding Plane Manager (FPM) component.
917
918
919.. _zebra-dplane:
920
921Dataplane Commands
922==================
923
924The zebra dataplane subsystem provides a framework for FIB
925programming. Zebra uses the dataplane to program the local kernel as
926it makes changes to objects such as IP routes, MPLS LSPs, and
927interface IP addresses. The dataplane runs in its own pthread, in
928order to off-load work from the main zebra pthread.
929
930
931.. index:: show zebra dplane [detailed]
932.. clicmd:: show zebra dplane [detailed]
933
934 Display statistics about the updates and events passing through the
935 dataplane subsystem.
936
937
938.. index:: show zebra dplane providers
939.. clicmd:: show zebra dplane providers
940
941 Display information about the running dataplane plugins that are
942 providing updates to a FIB. By default, the local kernel plugin is
943 present.
944
945
946.. index:: zebra dplane limit [NUMBER]
947.. clicmd:: zebra dplane limit [NUMBER]
948
949 Configure the limit on the number of pending updates that are
950 waiting to be processed by the dataplane pthread.
951
952
953zebra Terminal Mode Commands
954============================
955
956.. index:: show ip route
957.. clicmd:: show ip route
958
959 Display current routes which zebra holds in its database.
960
961::
962
963 Router# show ip route
964 Codes: K - kernel route, C - connected, S - static, R - RIP,
965 B - BGP * - FIB route.
966
967 K* 0.0.0.0/0 203.181.89.241
968 S 0.0.0.0/0 203.181.89.1
969 C* 127.0.0.0/8 lo
970 C* 203.181.89.240/28 eth0
971
972
973.. index:: show ipv6 route
974.. clicmd:: show ipv6 route
975
976.. index:: show [ip|ipv6] route [PREFIX] [nexthop-group]
977.. clicmd:: show [ip|ipv6] route [PREFIX] [nexthop-group]
978
979 Display detailed information about a route. If [nexthop-group] is
980 included, it will display the nexthop group ID the route is using as well.
981
982.. index:: show interface [NAME] [{vrf VRF|brief}] [nexthop-group]
983.. clicmd:: show interface [NAME] [{vrf VRF|brief}] [nexthop-group]
984
985.. index:: show interface [NAME] [{vrf all|brief}] [nexthop-group]
986.. clicmd:: show interface [NAME] [{vrf all|brief}] [nexthop-group]
987
988 Display interface information. If no extra information is added, it will
989 dump information on all interfaces. If [NAME] is specified, it will display
990 detailed information about that single interface. If [nexthop-group] is
991 specified, it will display nexthop groups pointing out that interface.
992
993.. index:: show ip prefix-list [NAME]
994.. clicmd:: show ip prefix-list [NAME]
995
996.. index:: show route-map [NAME]
997.. clicmd:: show route-map [NAME]
998
999.. index:: show ip protocol
1000.. clicmd:: show ip protocol
1001
1002.. index:: show ip forward
1003.. clicmd:: show ip forward
1004
1005 Display whether the host's IP forwarding function is enabled or not.
1006 Almost any UNIX kernel can be configured with IP forwarding disabled.
1007 If so, the box can't work as a router.
1008
1009.. index:: show ipv6 forward
1010.. clicmd:: show ipv6 forward
1011
1012 Display whether the host's IP v6 forwarding is enabled or not.
1013
1014.. index:: show zebra
1015.. clicmd:: show zebra
1016
1017 Display various statistics related to the installation and deletion
1018 of routes, neighbor updates, and LSP's into the kernel.
1019
1020.. index:: show zebra client [summary]
1021.. clicmd:: show zebra client [summary]
1022
1023 Display statistics about clients that are connected to zebra. This is
1024 useful for debugging and seeing how much data is being passed between
1025 zebra and it's clients. If the summary form of the command is choosen
1026 a table is displayed with shortened information.
1027
1028.. index:: show zebra router table summary
1029.. clicmd:: show zebra router table summary
1030
1031 Display summarized data about tables created, their afi/safi/tableid
1032 and how many routes each table contains. Please note this is the
1033 total number of route nodes in the table. Which will be higher than
1034 the actual number of routes that are held.
1035
1036.. index:: show nexthop-group rib [ID] [vrf NAME] [singleton [ip|ip6]]
1037.. clicmd:: show nexthop-group rib [ID] [vrf NAME]
1038
1039 Display nexthop groups created by zebra. The [vrf NAME] option
1040 is only meaningful if you have started zebra with the --vrfwnetns
1041 option as that nexthop groups are per namespace in linux.
1042 If you specify singleton you would like to see the singleton
1043 nexthop groups that do have an afi.
1044
1045
1046Router-id
1047=========
1048
1049Many routing protocols require a router-id to be configured. To have a
1050consistent router-id across all daemons, the following commands are available
1051to configure and display the router-id:
1052
1053.. index:: [no] [ip] router-id A.B.C.D
1054.. clicmd:: [no] [ip] router-id A.B.C.D
1055
1056 Allow entering of the router-id. This command also works under the
1057 vrf subnode, to allow router-id's per vrf.
1058
1059.. index:: [no] [ip] router-id A.B.C.D vrf NAME
1060.. clicmd:: [no] [ip] router-id A.B.C.D vrf NAME
1061
1062 Configure the router-id of this router from the configure NODE.
1063 A show run of this command will display the router-id command
1064 under the vrf sub node. This command is deprecated and will
1065 be removed at some point in time in the future.
1066
1067.. index:: show [ip] router-id [vrf NAME]
1068.. clicmd:: show [ip] router-id [vrf NAME]
1069
1070 Display the user configured router-id.
1071
1072For protocols requiring an IPv6 router-id, the following commands are available:
1073
1074.. index:: [no] ipv6 router-id X:X::X:X
1075.. clicmd:: [no] ipv6 router-id X:X::X:X
1076
1077 Configure the IPv6 router-id of this router. Like its IPv4 counterpart,
1078 this command works under the vrf subnode, to allow router-id's per vrf.
1079
1080.. index:: show ipv6 router-id [vrf NAME]
1081.. clicmd:: show ipv6 router-id [vrf NAME]
1082
1083 Display the user configured IPv6 router-id.
FRRouting mirror