rtconfig(1) FreeBSD General Commands Manual rtconfig(1)
rtconfig - Tool for producing configs from IRR routing policies
rtconfig analyzes the routing policies registered in the Internet Routing
Registry (IRR) and produces router configuration files. It currently supports
cisco and junos router configuration file formats. rtconfig reads lines from
the standard input, and prints them to the standard output, except for the
lines that start with "@rtconfig" which instruct rtconfig to perform
special operations (please see "rtconfig Commands" Section below).
rtconfig establishes a whois connection to query IRR.
- -help
- Print summary of command-line options and abort.
- -T [whois_query | whois_response | input | all]
- Trace the argument. Useful for debugging.
- -D <integer>
- Print debugging messages of debug channel <integer> (if compiled
with ENABLE_DEBUG defined).
- -version
- Print the version number and quit.
- -h <host-name>
- Establish a whois connection to host <host-name>. The default is
whois.radb.net.
- -p <port-no>
- Establish a whois connection to port <port-no>. The default is
43.
- -protocol <protocol>
- Use the <protocol> to connect to the IRR server. <protocol>
can be irrd(rawhoisd) or ripe(bird). The default is irrd.
- -s <source-list>
- Consider the sources specified in the comma separated <source-list>.
If an object is defined in multiple sources in <source-list>,
rtconfig uses the definition first encountered in <source-list> from
left to right.
- -f <file-name>
- IRR cache file. You can have any RPSL object in this file, except route
objects. They will override these objects in IRR. This option is intended
for private objects, or to test new public objects before publishing. You
can specify more than one cache file by specifying this option
repeatedly.
- -rusage
- Print resource usage upon completion.
- -prompt <new-prompt>
- Change the prompt to <new-prompt> when invoked interactively. By
default the prompt is "rtconfig> ".
- -ignore_errors
- Do not print error and warning messages due to communication to the
database server or parsing policy objects.
- -report_errors
- Print error and warning messages due to communication to the database
server or parsing policy objects.
- -config <config-format>
- Produce router configuration in <config-format> which is either
cisco (default) or junos.
- -no_match_ip_inbound
- In older Cisco IOS versions, in-bound route maps did not support ip
access-list matches. Use of this option causes rtconfig to use
distribute-lists to overcome this limitation.
- -asdot
- Print AS numbers as asdot, i.e. in "X.Y" format; the default is
to use RFC-5396 recommended "asplain" format.
- -disable_access_list_cache
- rtconfig caches the access-lists (and in the future ip as-path
access-lists and route-maps) that it generates so that the same
access-list number can be reused instead of generating a new access list.
If you do not want rtconfig to consume much memory,
-disable_access_list_cache option can be used to turn off this feature.
However, if you are short on memory on your cisco box, you should leave
this feature enabled.
- -supress_martian
- Deprecated. Properly maintained martian and bogon lists are visible in
both the RIPE and Merit whois servers (e.g. "fltr-bogons",
"fltr-unallocated" and "fltr-martian" objects), and
can be referenced using standard RPSL.
- -cisco_no_compress_acls
- This option only affects cisco configurations. This option is used to
disable combining multiple cisco access list lines into a single line
using wildcards whenever possible.
- -cisco_use_prefix_lists
- This option only affects cisco configurations. This option instructs
rtconfig to output prefix-lists which yield higher performance than
access-lists. This flag implies -cisco_compress_acls.
- -cisco_eliminate_dup_map_parts
- This option only affects cisco configurations. This option instructs
rtconfig to eliminate a later map part if its filter is covered by earlier
map parts.
- -cisco_skip_route_maps
- This option only affects cisco configurations. This option instructs
rtconfig not to print route maps, hence it only prints access lists.
- -cisco_force_tilda
- This option only affects cisco configurations. It forces * and + operators
in AS path regular expressions to be interpreted as ~* and ~+ operators.
This is useful if you get AS path access lists with really long lines; it
will force them onto multiple lines.
- -cisco_empty_lists
- This option only affects Cisco configurations. It forces interpreting
ANY/NOT ANY prefix filters as universal/empty set of prefixes, and
produces access lists for them. By default only a warning is issued.
- -cisco_no_default_afi
- Causes rtconfig not to assume that ipv4.unicast is the router's default
address family. IPv4 peers will then have ipv4.unicast explicitly
activated and policy will be set in ipv4.unicast address family. Useful
when the router is configured with "no bgp default
ipv4-unicast".
- -junos_and_not_or
- This option only affects Juniper configurations. Modify rtconfig Junos
behaviour to match Cisco - AND community & prefix lists rather than
OR'ing them.
- -junos_replace
- This option only affects Juniper configurations. Output replace:
statements to be used with "load replace" on Junos.
- IRR_HOST
- Specifies the IRR host to connect.
- IRR_PORT
- Specifies the IRR port number to connect.
- IRR_SOURCES
- Specifies the source list (comma separated) to consider.
Command line options take precedence over environment
variables.
rtconfig copies standard input to standard output except when it encounters
rtconfig commands on the standard input. All rtconfig commands start with
"@rtconfig" at the beginning of a line. Currently the following
commands are implemented:
- @rtconfig import <ASN-1> <rtr-1> <ASN-2>
<rtr-2>
- <ASN-1> and <ASN-2> are AS numbers preceded by the string
"AS". For example, AS number 1 is specified as "AS1".
<rtr-1> and <rtr-2> are IP addresses in prefix notation. For
example, the router with address 128.9.128.9 is specified as
"128.9.128.9". This command instructs rtconfig to generate
import filters where <rtr-1> in <ASN-1> is importing routes
from <rtr-2> in <ASN-2>. The appropriate filters are generated
by considering the import/mp-import lines for
<ASN-2>-<rtr-1>-<rtr-2> in the aut-num object for
<ASN-1>.
- @rtconfig export <ASN-1> <rtr-1> <ASN-2>
<rtr-2>
- The arguments of the export command are the same as the import command.
This command instructs rtconfig to generate export filters where
<rtr-1> in <ASN-1> is exporting routes to <rtr-2> in
<ASN-2>. The appropriate filters are generated by considering the
export/mp-export lines for <ASN-2>-<rtr-1>-<rtr-2> in
the aut-num object for <ASN-1>.
- @rtconfig configureRouter <inet-rtr-name>
- <inet-rtr-name> is the DNS name of an inet-rtr object. This command
will use the named inet-rtr object, and configure import/mp-import and
export/mp-export policies for each of the BGP4 peers of the router (using
the peer attribute).
- @rtconfig importPeerGroup <ASN-1> <rtr-1> <ASN-2>
<rtr-2> <peering-set-name>
- Required when using JunOS to place the import policies inside the correct
peer group.
- @rtconfig importGroup <ASN-1> <peering-set-name>
- @rtconfig exportGroup <ASN-1> <peering-set-name>
- <peering-set-name> is a name of a peering set object. This command
instructs rtconfig to generate import/mp-import (export/mp-export) filters
where <ASN-1> is importing (exporting) routes from (to) the peers
listed in <peering-set-name>. The aut-num object for <ASN-1>
should have an import/mp-import (export/mp-export) attribute using the
peering set's name.
- @rtconfig static2bgp <ASN-1> <rtr-1>
- This command instructs rtconfig to generate inject filters where
<rtr-1> in <ASN-1> is injecting static routes into BGP4. The
appropriate filters are generated by considering the import/mp-import
policies of <ASN-1> where "protocol STATIC" or
"protocol STATIC into BGP4" is used.
- @rtconfig set sources = <source-list>
- <source-list> is a string containing a comma separated list of sources
to consider. This command instructs rtconfig to change the list of sources
considered.
- @rtconfig access_list filter <filter>
- <filter> is an RPSL filter over AS numbers, AS set names and route
set names using operators AND, OR and NOT. This command instructs rtconfig
to generate an access list for <filter>. <mp-filter> is also
accepted.
- @rtconfig aspath_access_list filter <filter>
- <filter> is an RPSL filter over AS path regular expressions using
operators AND, OR and NOT. This command instructs rtconfig to generate an
as path access list for <filter>.
- @rtconfig printPrefixes <format> filter <filter>
- <format> is a quoted string, and <filter> is an RPSL filter
over AS numbers, AS set names and route set names using operators AND, OR
and NOT, <mp-filter> is also accepted. This command instructs
rtconfig to print the prefixes in <filter> using <format>. The
<format> can contain the following escape sequences:
%p prefix
%l length
%L 32-length
%n n (%p/%l^%n-%m, e.g. 128.9.0.0/16^24-32)
%m m
%k mask
%K inverse of mask (i.e. ~mask)
%% %
\n carriage return
\t tab
For example, use:
@rtconfig printPrefixes "net %p \tmask %k\n" filter AS1
- @rtconfig printPrefixRanges <format> filter <filter>
- This command is the same as the "printPrefixes" command, except the
consecutive address prefixes are compressed into a single address prefix
range. <mp-filter> is also accepted.
- @rtconfig printSuperPrefixRanges <format> filter <filter>
- This command is the same as the "printPrefixRanges" command, except
it compresses more aggressively. The %n and %m information is lost, but
%D, a set of don't care bits representing different %n-%m ranges, is
provided. <mp-filter> is also accepted.
- @rtconfig set prefix_acl_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering prefix access lists at <no>. The older term
"cisco_prefix_acl_no" is deprecated but kept as an alias.
- @rtconfig set aspath_acl_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering aspath access lists at <no>. The older term
"cisco_aspath_acl_no" is deprecated but kept as an alias.
- @rtconfig set pktfilter_acl_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering inbound/outbound packet filter access lists at <no>. The
older term "cisco_pktfilter_acl_no" is deprecated but kept as an
alias.
- @rtconfig set community_acl_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering community access lists at <no>. The older term
"cisco_community_acl_no" is deprecated but kept as an
alias.
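The escape sequences of the printPrefixes command above, worked through for a single IPv4 prefix. This is an added Python sketch, not rtconfig's own code: the function name `expand` is hypothetical, a prefix without `^n-m` is assumed to match only its own length, and %D and IPv6 are not handled.

```python
import ipaddress
import re

# "prefix/len" optionally followed by "^n-m", as in the page's 128.9.0.0/16^24-32
RANGE = re.compile(r"^(?P<net>[0-9.]+/\d+)(?:\^(?P<n>\d+)-(?P<m>\d+))?$")
# %<op> operators plus the two backslash escapes the page lists
TOKEN = re.compile(r"%(.)|\\([nt])", re.S)


def expand(fmt, spec):
    """Expand one printPrefixes-style format string for one IPv4 prefix."""
    parsed = RANGE.match(spec)
    if not parsed:
        raise ValueError("unsupported prefix notation: " + spec)
    net = ipaddress.IPv4Network(parsed["net"], strict=True)  # rejects host bits
    length = net.prefixlen
    # Assumption: a prefix without ^n-m matches only its own length.
    n = int(parsed["n"] or length)
    m = int(parsed["m"] or length)
    if not length <= n <= m <= 32:
        raise ValueError("need length <= n <= m <= 32 in " + spec)
    values = {
        "p": str(net.network_address),
        "l": str(length),
        "L": str(32 - length),
        "n": str(n),
        "m": str(m),
        "k": str(net.netmask),
        "K": str(net.hostmask),  # inverse mask, the Cisco wildcard form
        "%": "%",
    }

    def substitute(match):
        if match.group(2):
            return {"n": "\n", "t": "\t"}[match.group(2)]
        if match.group(1) not in values:
            # Mirrors the page's "Unknown operator:" diagnostic
            raise ValueError("Unknown operator: %" + match.group(1))
        return values[match.group(1)]

    return TOKEN.sub(substitute, fmt)


if __name__ == "__main__":
    # Constructed prefixes; the first format string is the page's own example.
    print(expand(r"net %p \tmask %k\n", "128.9.0.0/16"), end="")
    print(expand(r"access-list 500 permit %p %K\n", "198.32.4.0/24"), end="")
```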
Cisco specific commands:
- @rtconfig set cisco_map_name = <map-name>
- <map-name> is a quoted string. This command instructs rtconfig to
use <map-name> as the name for the route maps generated. If the
<map-name> contains %d, it will be replaced by the peer's AS number.
If it contains a second %d, it will be replaced by an integer that is
incremented each time a new map is generated (to ensure unique map names).
The default cisco_map_name is "MyMap_%d_%d".
- @rtconfig set cisco_map_first_no = <no>
- <no> is an integer. This command instructs rtconfig to use
<no> as the first number of a newly generated route map. If missing,
1 is used.
- @rtconfig set cisco_map_increment_by = <no>
- <no> is an integer. This command instructs rtconfig to increment
route map numbers by <no>. If missing, successive route maps are
numbered by increments of 1.
- @rtconfig set community_set_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering community sets at <no>.
- @rtconfig set cisco_access_list_no = <no>
- <no> is an integer. This command instructs rtconfig to start
numbering all access lists at <no>.
- @rtconfig set cisco_max_preference = <no>
- <no> is an integer defaulting to 1000. This command instructs
rtconfig to start using preferences from <no> (most preferred) and
counting down from there.
- @rtconfig networks <ASN-1>
- <ASN-1> is an AS number preceded by the string "AS". For
each route registered with origin <ASN-1>, a network statement of
the form "network <prefix> mask <mask>" is
generated.
- @rtconfig v6networks <ASN-1>
- <ASN-1> is an AS number preceded by the string "AS". For
each route6 registered with origin <ASN-1>, a network statement of
the form "network <prefix> mask <mask>" is
generated.
- @rtconfig default <ASN-1> <ASN-2>
- <ASN-1> and <ASN-2> are AS numbers preceded by the string
"AS". This command instructs rtconfig to generate "ip
default-network" statements where <ASN-1> is defaulting to
<ASN-2>. The appropriate statements are generated for the network
addresses listed in the default attribute for <ASN-2> in the aut-num
object of <ASN-1>.
- @rtconfig inbound_pkt_filter <if-name> <ASN-1> <rtr-1>
<ASN-2> <rtr-2>
- The arguments of the inbound_pkt_filter command are the same as the import
command. This command instructs rtconfig to generate packet filters where
<rtr-1> in <ASN-1> is going to drop data packets that are
received from <rtr-2> in <ASN-2>, but do not have source
addresses inside the address prefixes imported from this peer. The
appropriate filters are generated by considering the import lines for
<ASN-2>-<rtr-1>-<rtr-2> in the aut-num object for
<ASN-1>. The filter is applied to the interface <if-name> in
the inbound direction. The <if-name> is a string and must be
enclosed in double quotes.
- @rtconfig pkt_filter <if-name> <ASN-1> <rtr-1>
<ASN-2> <rtr-2>
- An alias for inbound_pkt_filter. Now deprecated.
- @rtconfig outbound_pkt_filter <if-name> <ASN-1> <rtr-1>
<ASN-2> <rtr-2>
- Same as the pkt_filter command, except the appropriate filters are
generated by considering the export lines for
<ASN-2>-<rtr-1>-<rtr-2> in the aut-num object for
<ASN-1>. The filter is applied to the interface <if-name> in
the outbound direction.
Junos specific commands:
- @rtconfig set junos_policy_name = <policy-name>
- <policy-name> is a quoted string. This command instructs rtconfig to
use <policy-name> as the name for the policy statements generated.
If the <policy-name> contains %d, it will be replaced by the peer's
AS number. If it contains a second %d, it will be replaced by an integer
that is incremented each time a new map is generated (to ensure unique map
names). The default junos_map_name is "policy_%d_%d".
- @rtconfig networks <ASN-1>
- <ASN-1> is an AS number preceded by the string "AS". For
each route registered with origin <ASN-1>, a network statement of
the form "network <prefix> mask <mask>" is
generated. This needs to be Juniperized.
Here is an example input file:
!
version 10.3
!
interface Ethernet0/0
ip address 198.32.4.1 255.255.255.0
!
router bgp 4550
neighbor 198.32.4.25 remote-as 4551
!
@rtconfig set cisco_map_name = "mymap"
@rtconfig set cisco_access_list_no = 500
@rtconfig import AS4550 198.32.4.1 AS4551 198.32.4.25
!
end
Please see the tests directory in the distribution for more
examples.
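A pre-flight consistency check for a Cisco template like the one above, comparing each import/export command with the template's own router bgp and neighbor statements before rtconfig is run. This is an added Python sketch, not part of rtconfig; `check_template` and the sample template are constructed for illustration.

```python
import re

ROUTER_BGP = re.compile(r"^\s*router bgp (\d+)\s*$")
NEIGHBOR = re.compile(r"^\s*neighbor\s+(\S+)\s+remote-as\s+(\d+)\s*$")
PEER_CMD = re.compile(
    r"^@rtconfig\s+(import|export)\s+AS(\d+)\s+(\S+)\s+AS(\d+)\s+(\S+)\s*$")


def check_template(text):
    """Return (line_no, message) where an import/export command disagrees
    with the router bgp / neighbor statements in the same template."""
    lines = text.splitlines()
    local_as, neighbors = None, {}
    for line in lines:
        if ROUTER_BGP.match(line):
            local_as = ROUTER_BGP.match(line).group(1)
        elif NEIGHBOR.match(line):
            address, remote_as = NEIGHBOR.match(line).groups()
            neighbors[address] = remote_as
    findings = []
    for number, line in enumerate(lines, 1):
        if not line.startswith("@rtconfig"):
            continue  # rtconfig copies such lines to its output unchanged
        command = PEER_CMD.match(line)
        if command is None:
            if re.match(r"^@rtconfig\s+(import|export)\b", line):
                findings.append((number, "malformed import/export arguments"))
            continue  # other commands are outside this check
        _, asn1, _rtr1, asn2, rtr2 = command.groups()
        if local_as is not None and asn1 != local_as:
            findings.append(
                (number, "AS%s differs from router bgp %s" % (asn1, local_as)))
        if rtr2 not in neighbors:
            findings.append((number, "no neighbor statement for %s" % rtr2))
        elif neighbors[rtr2] != asn2:
            findings.append(
                (number, "neighbor %s is remote-as %s, command says AS%s"
                 % (rtr2, neighbors[rtr2], asn2)))
    return findings


# Constructed template: the page's example with the peer AS mistyped as AS4552.
SAMPLE = """\
router bgp 4550
 neighbor 198.32.4.25 remote-as 4551
!
@rtconfig import AS4550 198.32.4.1 AS4552 198.32.4.25
"""

if __name__ == "__main__":
    for number, message in check_template(SAMPLE):
        print("line %d: %s" % (number, message))
```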
Cisco Configuration Generation:
Policies in IRR that have as-path regular expressions
containing [,] are only converted if (1) the set is not negated, and (2) it
does not contain ranges with more than 10 numbers in the range. The following
examples are not converted:
[^ AS1]
[AS1-AS11]
The first one is not converted because it is a negated set. The second one is
not converted because AS1-AS11 contains 11 numbers. The following examples are
converted:
[AS1 AS56 AS100]
[AS1-AS10]
[AS5 AS100-AS105 AS200 AS300-AS307]
Note that the last example contains 16 numbers which is more than 10. This is
converted since no single range (AS100-AS105 or AS300-AS307) contains more
than 10 numbers.
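The two conditions above as a check that can be run over policy text to list the bracket sets that would not be converted. This is an added Python sketch, not rtconfig's implementation; the function names are hypothetical, and items other than ASn or ASn-ASm are reported rather than judged, since the page does not cover them.

```python
import re

BRACKET_SET = re.compile(r"\[([^\]]*)\]")
ITEM = re.compile(r"^AS(\d+)(?:-AS(\d+))?$")
MAX_RANGE = 10  # "ranges with more than 10 numbers" are not converted


def check_set(body):
    """Apply the page's two conditions to the text between [ and ]."""
    body = body.strip()
    if body.startswith("^"):
        return False, "negated set"
    for item in body.split():
        match = ITEM.match(item)
        if not match:
            # Assumption: anything other than ASn or ASn-ASm is outside the
            # rule described on the page, so report it instead of guessing.
            return False, "item %s not covered by this check" % item
        low = int(match.group(1))
        high = int(match.group(2) or low)
        if high < low:
            return False, "range %s is reversed" % item
        if high - low + 1 > MAX_RANGE:
            return False, "range %s contains %d numbers" % (item, high - low + 1)
    return True, "ok"


def unconverted_sets(policy_text):
    """Return (set, reason) for every bracket set that fails check_set."""
    problems = []
    for match in BRACKET_SET.finditer(policy_text):
        ok, reason = check_set(match.group(1))
        if not ok:
            problems.append((match.group(0), reason))
    return problems


if __name__ == "__main__":
    # Constructed policy lines built around the sets quoted on the page.
    policy = """\
import: from AS4551 accept <^AS4551 [AS1-AS10]* $>
import: from AS4552 accept <^AS4552 [AS1-AS11]* $>
import: from AS4553 accept <^[^ AS1] .* $>
"""
    for text, reason in unconverted_sets(policy):
        print(text, "->", reason)
```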
- Error in template file
- Wrong rtconfig command, syntax or arguments to rtconfig
command.
- Error: config file format <config_format> is not supported...
- Unknown config format specified. Supported formats are: cisco,
junos.
- Error: no object for router: <router_name>
- inet-rtr object cannot be found in the specified IRR for specified
source. It can be a typo or a real error, and the object is
non-existent.
- Error: no object for AS <as_number>
- aut-num object cannot be found in the specified IRR for specified
source. It can be a typo or a real error, and the object is
non-existent.
- Unknown operator:
- Syntax error in format specification, check the description of the
printPrefixes command.
- Error: Badly formed prefix filter
- Syntax error in prefix filter specification. See RFC [2622]
(Address prefix filters)
- Error: Badly formed AS_path filter
- Syntax error in AS_path filter specification. See RFC [2622]
(AS_path filters)
- Warning: filter matches ANY/NOT ANY
- Filter is empty or universal, i.e. matches none or all prefixes
respectively.
- Warning: AS <as_no> has no import(export) policy for AS <peer_as> <peer_IP> at <local_IP>
- The matching import(export) policy cannot be found in the aut-num
object for <as_no>, for peering aut-num <peer_as> with
<peer_IP> at <local_IP> address. It can be a typo or your policy
is incomplete. Check your aut-num object.
- Warning: AS <as_no> has no default policy for AS <peer_as>
- The matching default policy cannot be found in the aut-num object
for <as_no>
- Warning: unimplemented method <rp_attr>.<method>
- Unimplemented method for this rp_attribute is specified. This
error indicates that method is correctly specified in RPSL dictionary, but
has no actual implementation for rtconfig.
For more error descriptions, please see irrtoolset-errors
manual page.
Cengiz Alaettinoglu <cengiz@isi.edu> Katie Petrusha <katie@ripe.net>