rtconfig(1)		    General Commands Manual		   rtconfig(1)

NAME
       rtconfig	- Tool for producing configs from IRR routing policies

SYNOPSIS
       rtconfig	[flags]

DESCRIPTION
       rtconfig analyzes the routing policies registered in the Internet
       Routing Registry (IRR) and produces router configuration files.  It
       currently supports the cisco and junos router configuration file
       formats.  rtconfig reads lines from the standard input and prints them
       to the standard output, except for lines that start with "@rtconfig",
       which instruct rtconfig to perform special operations (please see the
       "rtconfig COMMANDS" section below).  rtconfig establishes a whois
       connection to query the IRR.

IRRToolSet COMMON OPTIONS
	      -help  Print summary of command-line options and abort.

	      -T [whois_query |	whois_response | input | all]
		     Trace the argument. Useful	for debugging.

	      -D <integer>
		     Print  debugging  messages	of debug channel <integer> (if
		     compiled with ENABLE_DEBUG	defined).

	      -version
		     Print the version number and quit.

	      -h <host-name>
		     Establish a whois connection to  host  <host-name>.   The
		     default is	whois.radb.net.

	      -p <port-no>
		     Establish a whois connection to port <port-no>.  The
		     default is 43.

	      -protocol	<protocol>
		     Use  the <protocol> to connect to the IRR server. <proto-
		     col> can be irrd(rawhoisd)	or ripe(bird). The default  is
		     irrd.

	      -s <source-list>
		     Consider  the  sources  specified	in the comma separated
		     <source-list>.  If	 an  object  is	 defined  in  multiple
		     sources  in  <source-list>,  rtconfig uses	the definition
		     first encountered in <source-list>	from left to right.

	      -f <file-name>
		     IRR cache file. You can have any RPSL object in this
		     file, except route objects.  Objects in this file
		     override the same objects in the IRR.  This option is
		     intended for private objects, or to test new public
		     objects before publishing.  You can specify more than
		     one cache file by specifying this option repeatedly.

	      -rusage
		     Print resource usage upon completion.

	      -prompt <new-prompt>
		     Change the	prompt to <new-prompt> when  invoked  interac-
		     tively. By	default	the prompt is "rtconfig> ".

	      -ignore_errors
		     Do	not print error	and warning messages due to communica-
		     tion to the database server or parsing policy objects.

	      -report_errors
		     Print  error and warning messages due to communication to
		     the database server or parsing policy objects.

OTHER OPTIONS
	      -config <config-format>
		     Produce router configuration in <config-format> which  is
		     either cisco (default) or junos.

	      -no_match_ip_inbound
		     In	 older Cisco IOS versions, in-bound route maps did not
		     support ip	 access-list  matches.	 Use  of  this	option
		     causes  rtconfig to use distribute-lists to overcome this
		     limitation.

	      -asdot Print AS numbers as asdot,	i.e. in	"X.Y" format; the  de-
		     fault is to use RFC-5396 recommended "asplain" format.

	      -disable_access_list_cache
		     rtconfig  caches  the  access-lists (and in the future ip
		     as-path access-lists and route-maps) that it generates so
		     that the same access-list number can be reused instead of
		     generating	a new access list.  If you do not want	rtcon-
		     fig  to  consume  much memory, -disable_access_list_cache
		     option can	be used	to turn	off this feature.  However, if
		     you are short on memory on	your  cisco  box,  you	should
		     leave this	feature	enabled.

	      -supress_martian
		     Deprecated.   Properly maintained martian and bogon lists
		     are visible in both the  RIPE  and	 Merit	whois  servers
		     (e.g.  "fltr-bogons",  "fltr-unallocated" and "fltr-mart-
		     ian" objects), and	can be referenced using	standard RPSL.

	      -cisco_no_compress_acls
		     This option only affects cisco configurations.  This  op-
		     tion  is  used to disable combining multiple cisco	access
		     list lines	into a single line  using  wildcards  whenever
		     possible.

	      -cisco_use_prefix_lists
		     This option only affects cisco configurations.  This
		     option instructs rtconfig to output prefix-lists, which
		     yield higher performance than access-lists. This flag
		     implies -cisco_compress_acls.

	      -cisco_eliminate_dup_map_parts
		     This option only affects cisco configurations.  This  op-
		     tion  instructs rtconfig to eliminate a later map part if
		     its filter	is covered by earlier map parts.

	      -cisco_skip_route_maps
		     This option only affects cisco configurations.  This  op-
		     tion instructs rtconfig not to print route	maps, hence it
		     only prints access	lists.

	      -cisco_force_tilda
		     This option only affects cisco configurations. It forces
		     * and + operators in AS path regular expressions to be
		     interpreted as ~* and ~+ operators.  This is useful if
		     you get AS path access lists with very long lines; it
		     forces them onto multiple lines.

	      -cisco_empty_lists
		     This option only affects Cisco configurations. It forces
		     interpreting ANY/NOT ANY prefix filters as the
		     universal/empty set of prefixes, and produces access
		     lists for them. By default, only a warning is issued.

	      -cisco_no_default_afi
		     Causes rtconfig not to assume that	 ipv4.unicast  is  the
		     router's  default	address	 family.  IPv4 peers will then
		     have ipv4.unicast explicitly activated and	policy will be
		     set in  ipv4.unicast  address  family.  Useful  when  the
		     router is configured with "no bgp default ipv4-unicast".

	      -junos_and_not_or
		     This  option only affects Juniper configurations.	Modify
		     rtconfig Junos behaviour to match Cisco - AND community &
		     prefix lists rather than OR'ing them.

	      -junos_replace
		     This option only affects Juniper configurations.	Output
		     replace:  statements  to  be  used	with "load replace" on
		     Junos.

ENVIRONMENT VARIABLES
	      IRR_HOST
		     Specifies the IRR host to connect to.

	      IRR_PORT
		     Specifies the IRR port number to connect to.

	      IRR_SOURCES
		     Specifies the source list (comma separated) to consider.

       Command line options take precedence over environment variables.

rtconfig COMMANDS
       rtconfig	copies standard	input to standard output except	 when  it  en-
       counters	 rtconfig  commands  on	the standard input.  All rtconfig com-
       mands start with	"@rtconfig" at the beginning of	a line.	 Currently the
       following commands are implemented:

	      @rtconfig	import <ASN-1> <rtr-1> <ASN-2> <rtr-2>
		     <ASN-1> and <ASN-2> are AS	numbers	preceded  with	string
		     "AS".  For	 example,  AS  number 1	is specified as	"AS1".
		     <rtr-1> and <rtr-2> are ip	addresses in prefix  notation.
		     For example, the router with address 128.9.128.9 is spec-
		     ified  as "128.9.128.9".  This command instructs rtconfig
		     to	generate import	filters	where <rtr-1>  in  <ASN-1>  is
		     importing	routes from <rtr-2> in <ASN-2>.	 The appropri-
		     ate filters are generated by considering  the  import/mp-
		     import  lines  for	<ASN-2>-<rtr-1>-<rtr-2>	in the aut-num
		     object for	<ASN-1>.

	      @rtconfig	export <ASN-1> <rtr-1> <ASN-2> <rtr-2>
		     The arguments of the export command are the same  as  the
		     import  command.  This command instructs rtconfig to gen-
		     erate export filters where	<rtr-1>	in <ASN-1> is  export-
		     ing  routes  to <rtr-2> in	<ASN-2>.  The appropriate fil-
		     ters are generated	by  considering	 the  export/mp-export
		     lines  for	 <ASN-2>-<rtr-1>-<rtr-2> in the	aut-num	object
		     for <ASN-1>.

	      @rtconfig	configureRouter	<inet-rtr-name>
		     <inet-rtr-name> is	the DNS	name of	 an  inet-rtr  object.
		     This command will use the named inet-rtr object, and con-
		     figure import/mp-import and export/mp-export policies for
		     each  of the BGP4 peers of	the router (using the peer at-
		     tribute).

	      @rtconfig importPeerGroup <ASN-1> <rtr-1> <ASN-2> <rtr-2>
	      <peering-set-name>
		     Required when using JunOS to place	 the  import  policies
		     inside the	correct	peer group.

	      @rtconfig	importGroup <ASN-1> <peering-set-name>

	      @rtconfig	exportGroup <ASN-1> <peering-set-name>
		     <peering-set-name>	 is  a	name  of a peering set object.
		     This command instructs rtconfig to	generate import/mp-im-
		     port (export/mp-export) filters where <ASN-1> is  import-
		     ing  (exporting)  routes  from  (to)  the peers listed in
		     <peering-set-name>.   The	aut-num	 object	 for   <ASN-1>
		     should  have  an  import/mp-import	(export/mp-export) at-
		     tribute using the peering set's name.

	      @rtconfig	static2bgp <ASN-1> <rtr-1>
		     This command instructs rtconfig to	generate  inject  fil-
		     ters  where <rtr-1> in <ASN-1> is injecting static	routes
		     into BGP4.	 The appropriate filters are generated by con-
		     sidering the import/mp-import policies of	<ASN-1>	 where
		     "protocol STATIC" or "protocol STATIC into	BGP4" is used.

	      @rtconfig	set sources = <source-list>
		     <source-list> is a string containing a comma-separated
		     list of sources to consider.  This command instructs
		     rtconfig to change the list of sources considered.

	      @rtconfig	access_list filter <filter>
		     <filter>  is an RPSL filter over AS numbers, AS set names
		     and route set names using	operators  AND,	 OR  and  NOT.
		     This  command  instructs  rtconfig	 to generate an	access
		     list for <filter>.	 <mp-filter> is	also accepted.

	      @rtconfig	aspath_access_list filter <filter>
		     <filter> is an RPSL filter	over AS	path  regular  expres-
		     sions  using operators AND, OR and	NOT.  This command in-
		     structs rtconfig to generate an as	path access  list  for
		     <filter>.

	      @rtconfig	printPrefixes <format> filter <filter>
		     <format> is a quoted string, and <filter> is an RPSL fil-
		     ter over AS numbers, AS set names and route set names us-
		     ing  operators  AND,  OR and NOT, <mp-filter> is also ac-
		     cepted.  This command instructs  rtconfig	to  print  the
		     prefixes  in  <filter>  using <format>.  The <format> can
		     contain the following escape sequences:
			   %p	prefix
			   %l	length
			   %L	32-length
			   %n	n   (%p/%l^%n-%m, e.g. 128.9.0.0/16^24-32)
			   %m	m
			   %k	mask
			   %K	inverse	of mask	(i.e. ~mask)
			   %%	%
			   \n	carriage return
			   \t	tab
		     Example, use:
			@rtconfig printPrefixes	"net %p	\tmask %k\n" filter AS1

	      @rtconfig	printPrefixRanges <format> filter <filter>
		     This command is the same as the "printPrefixes" command,
		     except that consecutive address prefixes are compressed
		     into a single address prefix range. <mp-filter> is also
		     accepted.

	      @rtconfig	printSuperPrefixRanges <format>	filter <filter>
		     This command is the same as the "printPrefixRanges"
		     command, except that it compresses more aggressively.
		     The %n and %m information is lost.  However, %D, a set
		     of don't-care bits representing the different %n-%m
		     ranges, is provided. <mp-filter> is also accepted.

	      @rtconfig	set prefix_acl_no = <no>
		     <no> is an	integer.  This command instructs  rtconfig  to
		     start  numbering  prefix access lists at <no>.  The older
		     term "cisco_prefix_acl_no"	is deprecated but kept	as  an
		     alias.

	      @rtconfig	set aspath_acl_no = <no>
		     <no>  is  an integer.  This command instructs rtconfig to
		     start numbering aspath access lists at <no>.   The	 older
		     term  "cisco_aspath_acl_no"  is deprecated	but kept as an
		     alias.

	      @rtconfig	set pktfilter_acl_no = <no>
		     <no> is an	integer.  This command instructs  rtconfig  to
		     start  numbering  inbound/outbound	 packet	 filter	access
		     lists at <no>.  The older	term  "cisco_pktfilter_acl_no"
		     is	deprecated but kept as an alias.

	      @rtconfig	set community_acl_no = <no>
		     <no>  is  an integer.  This command instructs rtconfig to
		     start numbering community	access	lists  at  <no>.   The
		     older  term  "cisco_community_acl_no"  is	deprecated but
		     kept as an	alias.
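
       The printPrefixes <format> escapes described above, as an added Python
       illustration (not rtconfig's own code) that expands a format string
       for one IPv4 RPSL prefix range.  Assumptions: a plain prefix is
       treated as n = m = length, %D is not handled, and the prefix-list name
       PEER is constructed.

```python
import ipaddress
import re

# RPSL address prefix range (RFC 2622): a.b.c.d/len plus optional ^-, ^+, ^n or ^n-m.
_RANGE_RE = re.compile(r"^(\d+\.\d+\.\d+\.\d+)/(\d+)(?:\^(-|\+|\d+(?:-\d+)?))?$")
# One token is either %<char> or a literal backslash-n / backslash-t in the quoted format.
_TOKEN_RE = re.compile(r"%(.)|\\([nt])")


def parse_prefix_range(text):
    """Return (network, n, m) for an IPv4 RPSL prefix range such as 128.9.0.0/16^24-32."""
    match = _RANGE_RE.match(text.strip())
    if not match:
        raise ValueError(f"not an IPv4 prefix range: {text!r}")
    # strict=True rejects prefixes with host bits set, e.g. 128.9.0.1/16.
    net = ipaddress.IPv4Network(f"{match.group(1)}/{match.group(2)}", strict=True)
    length, op = net.prefixlen, match.group(3)
    if op is None:          # plain prefix; n = m = length is an assumption of this sketch
        n = m = length
    elif op == "-":         # exclusive more specifics
        n, m = length + 1, 32
    elif op == "+":         # inclusive more specifics
        n, m = length, 32
    elif "-" in op:         # ^n-m
        n, m = (int(part) for part in op.split("-"))
    else:                   # ^n
        n = m = int(op)
    if not length <= n <= m <= 32:
        raise ValueError(f"invalid range operator in {text!r}")
    return net, n, m


def expand_format(fmt, prefix_range):
    """Expand the printPrefixes escapes in fmt for one prefix range."""
    net, n, m = parse_prefix_range(prefix_range)
    values = {
        "p": str(net.network_address),
        "l": str(net.prefixlen),
        "L": str(32 - net.prefixlen),
        "n": str(n),
        "m": str(m),
        "k": str(net.netmask),    # e.g. 255.255.0.0
        "K": str(net.hostmask),   # ~mask, e.g. 0.0.255.255 (Cisco wildcard form)
        "%": "%",
    }

    def substitute(token):
        if token.group(2):                      # \n or \t written in the format string
            return "\n" if token.group(2) == "n" else "\t"
        if token.group(1) not in values:        # mirrors the "Unknown operator:" error
            raise ValueError(f"Unknown operator: %{token.group(1)}")
        return values[token.group(1)]

    return _TOKEN_RE.sub(substitute, fmt)


if __name__ == "__main__":
    # Constructed inputs; the first format is the one from the man page example.
    print(expand_format(r"net %p \tmask %k\n", "128.9.0.0/16"), end="")
    print(expand_format("ip prefix-list PEER permit %p/%l ge %n le %m",
                        "128.9.0.0/16^24-32"))
```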

       Cisco specific commands:

	      @rtconfig	set cisco_map_name = <map-name>
		     <map-name>	is a quoted string.   This  command  instructs
		     rtconfig to use <map-name>	as the name for	the route maps
		     generated.	 If the	<map-name> contains %d,	it will	be re-
		     placed  by	the peer's AS number.  If it contains a	second
		     %d, it will be replaced by	an integer that	is incremented
		     each time a new map is generated (to  ensure  unique  map
		     names).  The default cisco_map_name is "MyMap_%d_%d".

	      @rtconfig	set cisco_map_first_no = <no>
		     <no>  is  an integer.  This command instructs rtconfig to
		     use <no> as the first number of a newly  generated	 route
		     map.  If missing, 1 is used.

	      @rtconfig	set cisco_map_increment_by = <no>
		     <no>  is  an integer.  This command instructs rtconfig to
		     increment route map numbers by <no>.  If missing, succes-
		     sive route	maps are numbered by increments	of 1.

	      @rtconfig	set community_set_no = <no>
		     <no> is an	integer.  This command instructs  rtconfig  to
		     start numbering community sets at <no>.

	      @rtconfig	set cisco_access_list_no = <no>
		     <no>  is  an integer.  This command instructs rtconfig to
		     start numbering all access	lists at <no>.

	      @rtconfig	set cisco_max_preference = <no>
		     <no> is an	integer	defaulting to 1000.  This command  in-
		     structs  rtconfig	to  start  using preferences from <no>
		     (most preferred) and counting down	from there.

	      @rtconfig	networks <ASN-1>
		     <ASN-1> is	an AS number preceded with string  "AS".   For
		     each  route  registered  with  origin  <ASN-1>, a network
		     statement of the form "network <prefix> mask  <mask>"  is
		     generated.

	      @rtconfig	v6networks <ASN-1>
		     <ASN-1>  is  an AS	number preceded	with string "AS".  For
		     each route6 registered with  origin  <ASN-1>,  a  network
		     statement	of  the	form "network <prefix> mask <mask>" is
		     generated.

	      @rtconfig	default	<ASN-1>	<ASN-2>
		     <ASN-1> and <ASN-2> are AS	numbers	preceded  with	string
		     "AS".   This  command  instructs rtconfig to generate "ip
		     default-network" statements where <ASN-1>	is  defaulting
		     to	<ASN-2>.  The appropriate statements are generated for
		     the network addresses listed in the default attribute for
		     <ASN-2> in	the aut-num object of <ASN-1>.

	      @rtconfig	inbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2>
	      <rtr-2>
		     The  arguments  of	the inbound_pkt_filter command are the
		     same as the import	command.  This command	instructs  rt-
		     config  to	 generate  packet  filters  where  <rtr-1>  in
		     <ASN-1> is	going to drop data packets that	 are  received
		     from <rtr-2> in <ASN-2>, but do not have source addresses
		     inside the	address	prefixes imported from this peer.  The
		     appropriate  filters are generated	by considering the im-
		     port lines	for <ASN-2>-<rtr-1>-<rtr-2> in the aut-num ob-
		     ject for <ASN-1>.	The filter is applied to the interface
		     <if-name> in the inbound direction.  The <if-name>	 is  a
		     string and	must be	enclosed in double quotes.

	      @rtconfig	pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>
		     An	alias for inbound_pkt_filter.  Now deprecated.

	      @rtconfig	outbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2>
	      <rtr-2>
		     Same  as  the  pkt_filter command,	except the appropriate
		     filters are generated by considering the export lines for
		     <ASN-2>-<rtr-1>-<rtr-2>  in  the	aut-num	  object   for
		     <ASN-1>.	The  filter  is	 applied to the	interface <if-
		     name> in the outbound direction.

       Junos specific commands:

	      @rtconfig	set junos_policy_name =	<policy-name>
		     <policy-name> is a	quoted string.	This command instructs
		     rtconfig to use <policy-name> as the name for the	policy
		     statements	 generated.  If	the <policy-name> contains %d,
		     it	will be	replaced by the	peer's AS number.  If it  con-
		     tains a second %d,	it will	be replaced by an integer that
		     is	 incremented  each time	a new map is generated (to en-
		     sure unique map names).  The  default  junos_map_name  is
		     "policy_%d_%d".

	      @rtconfig	networks <ASN-1>
		     <ASN-1>  is  an AS	number preceded	with string "AS".  For
		     each route	registered  with  origin  <ASN-1>,  a  network
		     statement	of  the	form "network <prefix> mask <mask>" is
		     generated.	This needs to be Juniperized.

EXAMPLES
       Here is an example input	file:
	    !
	    version 10.3
	    !
	    interface Ethernet0/0
	     ip	address	198.32.4.1 255.255.255.0
	    !
	    router bgp 4550
	     neighbor 198.32.4.25 remote-as 4551
	    !
	    @rtconfig set cisco_map_name = "mymap"
	    @rtconfig set cisco_access_list_no = 500
	    @rtconfig import AS4550 198.32.4.1 AS4551 198.32.4.25
	    !
	    end

       Please see the tests directory in the distribution for more examples.

LIMITATIONS
       Cisco Configuration Generation:

	      Policies in the IRR that have as-path regular expressions
	      containing [,] are only converted if (1) the set is not a
	      negated set and (2) it does not contain ranges with more than
	      10 numbers in the range.  The following examples are not
	      converted:
		   [^ AS1]
		   [AS1-AS11]
	      The first	one is not converted because it	is a negated set.  The
	      second  one  is  not converted because AS1-AS11 contains 11 num-
	      bers.  The following examples are	converted:
		   [AS1	AS56 AS100]
		   [AS1-AS10]
		   [AS5	AS100-AS105 AS200 AS300-AS307]
	      Note that	the last example contains 16  numbers  which  is  more
	      than 10. This is converted since no single range (AS100-AS105 or
	      AS300-AS307) contains more than 10 numbers.
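
       A pre-flight check for the two conversion rules above, as an added
       Python illustration (not part of rtconfig): it scans the policy lines
       of an aut-num object and reports every [...] set that falls outside
       the rules, so those policies can be reviewed before the generated
       filters are relied on.  The aut-num text is constructed sample data.

```python
import re

MAX_RANGE_SIZE = 10  # ranges with more than 10 numbers are not converted

_ASPATH_RE = re.compile(r"<([^<>]*)>")   # RPSL writes AS path regexes as <...>
_SET_RE = re.compile(r"\[([^\]]*)\]")    # one [...] AS number set
_RANGE_RE = re.compile(r"AS(\d+)\s*-\s*AS(\d+)", re.IGNORECASE)
_POLICY_ATTRS = {"import", "export", "mp-import", "mp-export"}


def unconverted_sets(aspath_regex):
    """Return [(set_text, reason)] for each set the LIMITATIONS rules exclude."""
    findings = []
    for set_match in _SET_RE.finditer(aspath_regex):
        body = set_match.group(1).strip()
        if body.startswith("^"):                       # rule (1): negated set
            findings.append((set_match.group(0), "negated set"))
            continue
        for rng in _RANGE_RE.finditer(body):           # rule (2): per-range size
            low, high = int(rng.group(1)), int(rng.group(2))
            size = high - low + 1                      # ranges are inclusive
            if size > MAX_RANGE_SIZE:
                reason = f"AS{low}-AS{high} contains {size} numbers"
                findings.append((set_match.group(0), reason))
                break                                  # one finding per set is enough
    return findings


def lint_aut_num(rpsl_text):
    """Return [(line_no, set_text, reason)] for policy lines of an aut-num object."""
    findings = []
    for line_no, line in enumerate(rpsl_text.splitlines(), 1):
        attribute = line.split(":", 1)[0].strip().lower()
        if attribute not in _POLICY_ATTRS:
            continue
        for aspath_regex in _ASPATH_RE.findall(line):
            for set_text, reason in unconverted_sets(aspath_regex):
                findings.append((line_no, set_text, reason))
    return findings


# Constructed sample object; the bracket sets are the ones listed in LIMITATIONS.
SAMPLE_AUT_NUM = """\
aut-num: AS4550
import: from AS4551 accept <^AS4551 [AS1 AS56 AS100]*$>
import: from AS4552 accept <^AS4552 [^ AS1]+$>
export: to AS4551 announce <^[AS5 AS100-AS105 AS200 AS300-AS307]$>
export: to AS4552 announce <^[AS1-AS11]$>
"""

if __name__ == "__main__":
    for line_no, set_text, reason in lint_aut_num(SAMPLE_AUT_NUM):
        print(f"line {line_no}: {set_text} not converted ({reason})")
```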

ERROR AND WARNING MESSAGES
       Error in	template file

	      Wrong rtconfig command, syntax or	arguments to rtconfig command.

       Error: config file format <config_format> is not	supported...

	      Unknown  config  format specified. Supported formats are:	cisco,
	      junos.

       Error: no object	for router: <router_name>

	      The inet-rtr object cannot be found in the specified IRR for
	      the specified source. This can be caused by a typo, or it can
	      be a real error where the object does not exist.

       Error: no object	for AS <as_number>

	      The aut-num object cannot be found in the specified IRR for
	      the specified source. This can be caused by a typo, or it can
	      be a real error where the object does not exist.

       Unknown operator:

	      Syntax error in format specification, check the  description  of
	      the printPrefixes	command.

       Error: Badly formed prefix filter

	      Syntax  error  in	 prefix	 filter	specification.	See RFC	[2622]
	      (Address prefix filters)

       Error: Badly formed AS_path filter

	      Syntax error in AS_path filter specification.   See  RFC	[2622]
	      (AS_path filters)

       Warning:	filter matches ANY/NOT ANY

	      Filter  is empty or universal, i.e. matches none or all prefixes
	      respectively.

       Warning:	AS <as_no> has	no  import(export)  policy  for	 AS  <peer_as>
       <peer_IP> at <local_IP>

	      The  matching  import(export) policy cannot be found in the aut-
	      num object for  <as_no>,	for  peering  aut-num  <peer_as>  with
	      <peer_IP>	at <local_IP> address. It can be a typo	or your	policy
	      is incomplete. Check your	aut-num	object.

       Warning:	AS <as_no> has no default policy for AS	<peer_as>

	      The matching default policy cannot be found in the aut-num
	      object for <as_no>.

       Warning:	unimplemented method <rp_attr>.<method>

	      An unimplemented method for this rp_attribute is specified.
	      This error indicates that the method is correctly specified in
	      the RPSL dictionary, but has no actual implementation in
	      rtconfig.

       For more error descriptions, please see the irrtoolset-errors manual
       page.

AUTHORS	AND CONTRIBUTORS
       Cengiz Alaettinoglu <cengiz@isi.edu> Katie Petrusha <katie@ripe.net>

				     local			   rtconfig(1)
