AIX Version 4 Files Reference

gated.conf File Format for TCP/IP

Purpose

Contains configuration information for the gated daemon.

Description

The /etc/gated.conf file contains configuration information for the gated daemon. The file contains a sequence of statements. Statements are composed of tokens separated by white space. You can create white space using any combination of blanks, tabs, and new lines. The gated.conf file supports eight classes of statements:

directive Identify include files and the directories that contain them. The parser acts immediately upon directive statements.
trace Control tracing options.
option Specify global options.
interface Specify interface options.
definition Specify options, the autonomous system, and martian networks.
protocol Enable or disable protocols and set protocol options.
route Define static routes.
control Define routes imported to and exported from routing peers.

You terminate a statement with a ; (semicolon), except for directive statements. You terminate directive statements with a newline character.

You can specify directive and trace statements in any order in the gated.conf file. The remaining classes must be specified in order: trace, option, interface, definition, protocol, static route, and control.

You can specify comments in the gated.conf file using a # (pound sign) or C programming comments. To create a comment with a pound sign, place the pound sign at the beginning of the line; the system ignores everything to the end of the line. C comments can appear anywhere on a line. A C comment starts with a /* (slash asterisk) and continues until it ends with */ (asterisk slash).

Statement Primitives

Statements are constructed using a number of primitives. These primitives are the following:

AutonomousSystem Specifies a global autonomous system when used with the autonomoussystem definition statement. Specifies an alternative autonomous system when used with the asout clause in the Exterior Gateway Protocol (EGP) and Border Gateway Protocol (BGP) statements.
Destination Specifies any host or network.
DestMask Specifies any host or network with an optional mask. The following illustrates three possibilities for specifying a host or network:
  • all
  • Destination
  • Destination mask DestMask.

A mask is a dotted quad specifying the significant bits of the destination. Use the token all to match any IP address.

Host Specifies a host. You can specify a host by its IP address or by a domain name. The host bits in the IP Address must be non-zero. Do not specify a domain name that has multiple IP addresses.
Interface Identifies an interface. You can specify an IP address, domain name, or interface name for this primitive. Use caution with this primitive because the AIX Version 4 operating system allows a single interface to have more than one address.
InterfaceList Specifies a list of one or more interfaces. You can specify an interface name, wildcard names (names without a number), or address. To specify all interfaces, use the all token.
Gateway Identifies a host on an attached network.
GatewayList Specifies a list of one or more gateways.
Metric Specifies a valid metric for the specified protocol.
Network Specifies any network. You can identify a network by its IP address or network name. The host bits in a network specification must be zero. To specify the default network of 0.0.0.0, use the Default keyword.
Preference Determines the order for routes to the same destination in the routing table. The gated daemon allows one route to a destination per protocol or per autonomous system. For multiple routes, preference is determined using a number from 0 through 255, where 0 is the most preferred and 255 is the least preferred.

In case of a preference tie, if the two routes are from the same protocol and from the same autonomous system, the gated daemon chooses the route with the lowest metric. Otherwise, the daemon chooses the route with the lowest numeric next-hop gateway address.

Directive Statements

Directive statements specify include files and the directories they reside in. Directive statements end with a newline. The following are directive statements:

%directory "PathName" Sets the prefix applied to include files to the PathName value. The gated daemon looks in this directory for included files that do not begin with a / (slash).
%include "FileName" Causes the parser to parse the specified file completely before parsing resumes on the previous file. Up to 10 levels can be nested.

Trace Statements

The following trace statements control tracing options and specify trace-output level:

all Enables all options except the nostamp option.
bgp Sends and receives BGP packets. You can modify this option with the update and protocol options.
egp Receives EGP packets. You can modify this option with the update and protocol options.
external Enables external errors.
general Turns on internal, external, and route.
hello Sends and receives HELLO packets. You can modify this with the update option.
icmp Sends and receives ICMP redirect packets. You can modify this with the update option. Redirects that are processed are traced under the route option.
internal Enables internal errors and informational messages.
kernel Changes the kernel's routing table.
mark Writes a message to the trace log every 10 minutes to ensure that the gated daemon is still running.
nostamp Prevents time stamping of messages in the trace file.
parse Indicates that tokens the parser recognizes are in the gated.conf file.
protocol Provides messages about protocol state machine transitions when used with EGP, BGP, or OSPF.
rip Sends and receives RIP packets. You can modify this with the update option.
route Changes the gated routing table.
snmp Sends and receives SNMP packets. You can modify this with the update option.
task Enables task scheduling, signal handling and packet reception.
timer Enables timer scheduling.
update Traces the contents of protocol packets.

Options Statements

Option statements specify global options. An option statement has the following form:

options OptionList

The OptionList parameter sets gated daemon options. The following are valid options:

noinstall Do not change the kernel's routing table. This option is useful for verifying configuration files.
gendefault Generates a default route when the BGP and EGP neighbors are up. This route is not installed in the kernel's routing table. This route may be announced by other protocols. You can do this by referencing the special Default protocol.
nosend Do not send any packets. This option allows you to run the gated daemon on a live network to test protocol interactions without actually participating in the routing protocols. You can examine the packet traces in the gated log to verify that the daemon is functioning properly. This option is most useful for the RIP, HELLO, and SMUX SNMP interfaces. This option does not apply to BGP packets.
noresolv Do not try to resolve symbolic names into IP addresses by using the host table, the network table, or the Domain Name System (DNS). This option is intended for systems where a lack of routing information could cause a DNS lookup to hang.
syslog Controls the amount of data the gated daemon logs using the syslog subroutine on systems where the setlogmask subroutine is supported. See the setlogmask subroutine for more information about log levels. The default is equivalent to syslog upto info.

Interface Statements

Interface statements specify interface options. Interface statements have the following form:


interface {
          options [ strictifs ] [ scaninterval Time ];
          interface InterfaceList InterfaceOptions;
          define Address [ broadcast Address | pointopoint LocalAddress ]
                         [ netmask Netmask ] [ multicast ];
};

The interface statement clauses have the following values:

options Sets global options related to interfaces. You can set one of the following:
strictifs Indicates that it is a fatal error to reference an interface in the configuration file that is not listed in a define statement or not present when the gated daemon is started. Without this option, a warning message is issued and the gated daemon continues.
scaninterval Time Specifies how often the gated daemon scans the kernel interface list for changes. The default is 60 seconds.
Note: The gated daemon also scans the interface list on receipt of a SIGUSR2 signal.
define Defines interfaces that may not be present when the gated daemon is started. The gated daemon considers it an error to reference a non-existent interface in the gated.conf file. This clause allows specification of that interface so that you can reference it in the gated.conf file. The keywords for this definition are:
broadcast Address Defines the interfaces as broadcast capable, for example, Ethernet or Token Ring. Specifies the broadcast address.
pointopoint LocalAddress Specifies the address of the local host. This keyword indicates the interface is a point to point interface such as SLIP and PPP. For this type of interface, the interface address primitive is the address of the remote host.
netmask Netmask Specifies the non-standard subnet mask to use on this interface. This option is ignored on point to point interfaces.
multicast Specifies the interface is multicast capable.

An interface that is not defined as broadcast or POINTOPOINT is assumed to be a non-broadcast multiaccess (NBMA) interface.

interface Sets interface options on the specified interfaces. You can specify all, a list of interface names, domain names, or numeric addresses for the InterfaceList value. You can use any of the following for the InterfaceOptions:
preference Pref Sets the preference for routes to this interface when it is up. The default is 0.
down preference Pref Sets the preference for routes to this interface when the gated daemon believes it is down due to lack of received routing information. The default is 120.
passive Prevents the gated daemon from changing the preference of the route to this interface if it is down due to a lack of received routing information.
simplex Indicates an interface is unable to hear its own broadcast packets. Defining an interface as simplex is functionally equivalent to defining it as passive.
reject Specifies that the address of the loopback interface that matches these criteria is used as the local address when installing reject routes in the kernel. You should only use this with systems that have installed a reject/blackhole pseudo interface, such as those based on BSD 4.3 Tahoe or earlier.
blackhole Specifies that the address of the loopback interface that matches these criteria is used as the local address when installing blackhole routes in the kernel. You should only use this with systems that have installed a reject/blackhole pseudo interface, such as those based on BSD 4.3 Tahoe or earlier.

Definition Statements

The following definition statements specify options, the autonomous system, martian networks, and interface options:

autonomoussystem AutonomousSystem;
Sets the autonomous system of the router to the AutonomousSystem value. This option is required when using the BGP or EGP protocol.
martian {
        MartianList
        } ;
Defines a list of martian addresses about which all routing information is ignored. The MartianList value consists of symbolic or numeric hosts with optional masks. Each address is separated by a ; (semicolon).
routerid Host Sets the router identifier for use by the BGP or OSPF protocols. The default is the address of the first interface encountered by the gated daemon. The address of a non-POINTOPOINT interface is preferred over the local address of a POINTOPOINT interface, and an address on a loopback interface that is not the loopback address (127.0.0.1) is most preferred.

Protocol Statements

This section explains the configuration options for routing protocols. These options enable or disable the use of a protocol and control protocol options. Protocol statements may be specified in any order. The protocol statements consist of one of the following protocol names:

For all protocols, preference controls the choice of routes learned with this protocol or from this autonomous system in relation to routes learned from other protocols or autonomous systems. The default metric used when propagating routes learned from other protocols is specified with defaultmetric which itself defaults to the highest valid metric. For many protocols, this signifies a lack of reachability.

For distance vector IGPs with no explicit connections or authentication (RIP and HELLO) and redirects (ICMP), the trustedgateways clause supplies a list of gateways providing valid routing information. Routing packets from other gateways are ignored. This defaults to all gateways on the attached networks.

Routing packets can be sent not only to the remote end of point-to-point links and the broadcast address of broadcast-capable interfaces, but also to specific gateways if they are listed in the sourcegateways clause and yes or on is specified. If nobroadcast is specified, routing updates are sent only to gateways listed in the sourcegateways clause and not at all to the broadcast address. You can disable the transmission and reception of routing packets for a particular protocol with the interface clause. An interface clause that disables sending or receiving protocol packets can be overridden for specific peers using the trustedgateways and sourcegateways clauses.

For exterior protocols (BGP, EGP), the autonomous system advertised to the peer is specified by the global autonomoussystem clause unless it is overridden by the asout option. The incoming autonomous system number is not verified unless peeras is specified. Specifying metricout fixes the outgoing metric for all routes propagated to this peer. If the peer does not share a network, you can use interface to specify the interface address to use when communicating with this peer. Use gateway to specify the next hop to use for all routes learned from this peer. An internal default is generated when routing information is learned from a peer unless you specify the nogendefault option.
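An added example, not part of the AIX documentation: a small Python audit of a gated.conf file for the trust settings this page describes (trustedgateways for RIP and HELLO, peeras for EGP and BGP groups, OSPF authtype). It relies on the defaults documented on this page (rip on and hello off when the clause is absent); the function names and the sample configuration with its addresses and AS numbers are constructed, %include files are not followed, and # comments are stripped wherever they start a token.

```python
import re

# Constructed sample configuration (not from the original page).
SAMPLE = r'''
# rip clause left out on purpose: the page documents "rip on" as the default
%directory "/etc"
options noresolv ;
autonomoussystem 64512 ;
hello yes {
    interface all nohelloout ;
    trustedgateways 192.0.2.1 192.0.2.2 ;   /* only these may feed us routes */
} ;
ospf yes {
    backbone {
        authtype none ;
        interface en0 cost 1 { priority 5 ; } ;
    } ;
} ;
egp yes {
    group maxup 1 { neighbor 192.0.2.20 ; } ;
} ;
bgp yes {
    group type external peeras 64513 { peer 192.0.2.10 ; } ;
} ;
'''

# Comments (# to end of line, /* ... */), quoted strings, punctuation, words.
TOKEN = re.compile(r'/\*.*?\*/|#[^\n]*|"[^"\n]*"|[{};]|[^\s{};"]+', re.S)

def tokenize(text):
    # Directive statements (%include, %directory) end at the newline, not at ';'.
    text = re.sub(r'(?m)^[ \t]*%[^\n]*$', '', text)
    return [t for t in TOKEN.findall(text) if not t.startswith(('#', '/*'))]

def parse_block(toks, i=0):
    """Parse ';'-terminated statements until '}' or end of input.
    A statement is a list of tokens; each '{ ... }' becomes a nested list."""
    stmts, cur = [], []
    while i < len(toks):
        tok = toks[i]
        i += 1
        if tok == "{":
            inner, i = parse_block(toks, i)
            cur.append(inner)
        elif tok == "}":
            break
        elif tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    if cur:
        stmts.append(cur)
    return stmts, i

def words(stmt):
    """Lower-cased plain tokens of a statement, nested blocks excluded."""
    return [x.lower() for x in stmt if isinstance(x, str)]

def block(stmt):
    """Statements inside the first { ... } of a statement, or [] if none."""
    return next((x for x in stmt if isinstance(x, list)), [])

def is_on(stmt, default):
    """yes/on enables a protocol; an absent statement falls back to default."""
    return default if stmt is None else words(stmt)[1:2] in (["yes"], ["on"])

def audit(text):
    stmts, _ = parse_block(tokenize(text))
    top = {words(s)[0]: s for s in stmts if words(s)}
    findings = []
    # RIP and HELLO carry no authentication, so trustedgateways is the filter.
    for proto, default in (("rip", True), ("hello", False)):
        stmt = top.get(proto)
        clauses = {words(c)[0] for c in block(stmt or []) if words(c)}
        if is_on(stmt, default) and "trustedgateways" not in clauses:
            findings.append((proto, "no trustedgateways: routing packets from "
                                    "any gateway on attached networks are accepted"))
    # EGP and BGP: the peer's AS number is verified only when peeras is given.
    for proto in ("egp", "bgp"):
        stmt = top.get(proto)
        if not is_on(stmt, False):
            continue
        for c in block(stmt):
            w = words(c)
            if w[:1] == ["group"] and "peeras" not in w:
                findings.append((proto, "group without peeras: incoming AS not verified"))
    # OSPF: authtype 0 / none leaves an area or the backbone unauthenticated.
    if is_on(top.get("ospf"), False):
        for area in block(top["ospf"]):
            if words(area)[:1] in (["area"], ["backbone"]):
                for c in block(area):
                    if words(c)[:1] == ["authtype"] and words(c)[1:2] in (["0"], ["none"]):
                        findings.append(("ospf", f"{' '.join(words(area))}: authtype {words(c)[1]}"))
    return findings

if __name__ == "__main__":
    for proto, message in audit(SAMPLE):
        print(f"{proto}: {message}")
```

Running the gated daemon with the noinstall option described earlier remains the way to check that a file actually parses; this audit only looks at the trust-related clauses.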

Any protocol can have a traceoptions clause. This clause enables tracing for a particular protocol, group, or peer. The protocol-specific options are as follows:

Using the gated Daemon with the Routing Information Protocol (RIP)

The following protocol statement configures RIP for the gated daemon:

rip yes | no | on | off [ {
        broadcast;
        nobroadcast;
        nocheckzero;
        preference Preference;
        defaultmetric Metric;
        interface InterfaceList [ noripin ] [ noripout ]
                [ metricin Metric ] [ metricout Metric ]
                [ version 1 ] | [ version 2 [ multicast | broadcast ] ];
        . . .
        trustedgateways GatewayList;
        sourcegateways GatewayList;
        traceoptions TraceOptions;
} ] ;

If you do not specify the rip clause, the default is rip on. The nobroadcast option specifies that RIP packets are sent to gateways listed in the sourcegateways clause, if there are any. If you specify yes or on, RIP assumes nobroadcast if there is only one interface and broadcast if there is more than one. The broadcast option specifies that RIP packets are always generated. The nocheckzero option specifies that RIP should not ensure that the reserved fields in RIP packets are zero.

Note: Using the broadcast option with only one interface is useful only when propagating static routes or routes learned from another protocol. This will cause data packets to travel across the same network twice. This behavior may be tolerable in certain configurations.

If the version is specified as or defaults to 1, RIP version 2 packets are never sent except in response to a v2 POLL packet. If the version is specified as 2, RIP version 2 packets are sent to the RIP multicast address if possible, or the broadcast address, unless the method is explicitly specified.

The default Metric is 16. The default Preference is 100.

Using the gated Daemon with the HELLO Protocol

The following protocol statement configures the Defense Communications Network Local-Network Protocol (HELLO) for the gated daemon:

hello yes | no | on | off [ {
        broadcast;
        nobroadcast;
        preference Preference;
        defaultmetric Metric;
        interface InterfaceList [ nohelloin ] [ nohelloout ]
                [ metricin Metric ] [ metricout Metric ];
        . . .
        trustedgateways GatewayList;
        sourcegateways GatewayList;
        traceoptions TraceOptions;
} ] ;

If you specify the yes or on option, HELLO assumes nobroadcast if there is only one interface and broadcast if there is more than one. If the HELLO clause is not specified, the default is hello off. The broadcast option specifies that HELLO packets are generated. The nobroadcast option specifies that HELLO packets be sent to gateways listed in the sourcegateways clause, if there are any.

Note: Using the broadcast option with only one interface is useful only when propagating static routes or routes learned from another protocol. This causes data packets to travel across the same network twice.

The default metricout option is 0. The default metricin option is a translation of the kernel interface metric into a hello metric plus 100 (the default HELLO hop count).

The default Metric is 30000. The default Preference is 90.

Using the gated Daemon with the OSPF Protocol

ospf yes | no | on | off [ {
        [ defaults {
                preference Preference;
                cost Cost;
                tag [ Tag | as [ AsTag ] ];
                type 1 | 2;
        } ; ]
        [ exportlimit Routes; ]
        [ exportinterval Time; ]
        [ traceoptions TraceOptions; ]
        [ monitorauthkey AuthKey; ]
        [ area Area {
                authtype 0 | 1 | none | simple;
                stub [ cost Cost ];
                networks {
                        network [ mask Mask ];
                };
                stubhosts {
                        Host cost Cost;
                };
                interface Interface [ cost Cost ] {
                        [ enable | disable ];
                        retransmitinterval Time;
                        transitdelay Time;
                        priority Priority;
                        hellointerval Time;
                        routerdeadinterval Time;
                        authkey AuthKey;
                };
                interface Interface nonbroadcast [ cost Cost ] {
                        pollinterval Time;
                        routers {
                                Gateway [ eligible ];
                                ...
                        };
                        [ enable | disable ];
                        retransmitinterval Time;
                        transitdelay Time;
                        priority Priority;
                        hellointerval Time;
                        routerdeadinterval Time;
                        authkey AuthKey;
                };
        } ; ]
        [ backbone {
                authtype 0 | 1 | none | simple;
                networks {
                        network [ mask Mask ];
                };
                stubhosts {
                        Host cost Cost;
                };
                interface Interface nonbroadcast [ cost Cost ] {
                        [ enable | disable ];
                        retransmitinterval Time;
                        transitdelay Time;
                        priority Priority;
                        hellointerval Time;
                        routerdeadinterval Time;
                        authkey AuthKey;
                };
                ...
                interface Interface nonbroadcast [ cost Cost ] {
                        pollinterval Time;
                        routers {
                                Gateway [ eligible ];
                                ...
                        };
                        [ enable | disable ];
                        retransmitinterval Time;
                        transitdelay Time;
                        priority Priority;
                        hellointerval Time;
                        routerdeadinterval Time;
                        authkey AuthKey;
                };
                ...
                virtuallink neighborid Host transitarea Area {
                        [ enable | disable ];
                        retransmitinterval Time;
                        transitdelay Time;
                        priority Priority;
                        hellointerval Time;
                        routerdeadinterval Time;
                        authkey AuthKey;
                };
                ...
        } ; ]
} ] ;

These clauses have the following values:

Interface Specifies an interface. You can specify an address, a name, a wildcard name (name without any number), or all. You can specify multiple interface clauses with different parameters; the parameters used are accumulated from the interface clauses. If a parameter is specified more than once, the instance with the most specific interface reference is used. The order of precedence is address, name, wildcard name, and all.
Cost Specifies an OSPF internal cost. This value must be a number between 0 and 65535.
Tag Identifies an OSPF tag. This number is placed on all routes exported by the gated daemon into OSPF. The tag is an unsigned 31-bit number.
AsTag Identifies an OSPF-BGP tag. This number is placed on all routes exported by the gated daemon into OSPF. When tag as or AsTag is used, tag fields are automatically generated and the AsTag field is assigned if specified. This number is an unsigned 12-bit number.
Metric Specifies an OSPF external (ASE) cost between 0 and 16777215.
Area Specifies a dotted quad or a number between 1 and 4294967295. Area 0 is always referred to as the backbone.
AuthKey Specifies an authorization key. This is 1 to 8 decimal digits separated by periods, a 1 to 8 byte hexadecimal string preceded by 0x or a one to eight character string in double quotes.
Priority Specifies a priority number between 0 and 255 specifying the priority of becoming the designated router on this interface.

OSPF inter-area and intra-area routes are always imported into the gated routing table with a preference of 10. It is a violation of the protocol to do otherwise, so it is not possible to override this. OSPF Autonomous System External (ASE) routes are imported with a preference of 150. This default can be changed with the preference keyword in the defaults section. ASE routes are imported at a rate of 100 ASEs every 1 second; you can tune these parameters with the exportlimit and exportinterval parameters.

gated routes are exported to OSPF as ASEs with a default cost of 0 and a type of 1. By default, the tag is calculated from the AS path of the route being exported (TAG AS). You can change all of these in the defaults section.

Notes:
  1. You can specify OSPF areas in any order, but you must specify the backbone area last.
  2. Reconfiguration (SIGHUP) is disabled when OSPF is enabled.

Using the gated Daemon with the Exterior Gateway Protocol (EGP)

The following protocol statement configures the EGP for the gated daemon:

egp yes | no | on | off [ {
        [ preference Preference; ]
        [ defaultmetric Metric; ]
        [ packetsize MaxPacketSize; ]
        [ traceoptions TraceOptions; ]
        [ group [ peeras AutonomousSystem ]
                [ localas AutonomousSystem ]
                [ maxup Number ]
                [ preference Preference ]
        {
                neighbor Host
                        [ metricout Metric ]
                        [ nogendefault ]
                        [ importdefault ]
                        [ exportdefault ]
                        [ gateway Gateway ]
                        [ lcladdr LocalAddress ]
                        [ sourcenet Network ]
                        [ minhello Minhello ]
                        [ minpoll Minpoll ]
                        [ traceoptions TraceOptions ]
                ;
                . . .
        } ;
        . . . ]
} ] ;

These clauses have the following values:

packetsize Specifies the size, in bytes, of the largest EGP packet that can be accepted or sent.
group Lists a group of EGP peers in one autonomous system. You can specify any number of group clauses. Any parameters from the neighbor clause can be specified in the group clause to provide defaults for the group.
maxup Specifies the maximum number of peers that will be maintained in the Up state.
importdefault Tells the gated daemon to import the default route (0.0.0.0) in updates exchanged with an EGP neighbor. If not specified, the default network is ignored when exchanging EGP updates.
exportdefault Tells the gated daemon to export the default route (0.0.0.0) in updates exchanged with an EGP neighbor. If not specified, the default network is ignored when exchanging EGP updates.
sourcenet Specifies the network to query in EGP Poll packets. This value is normally the shared network.
minhello Specifies the minimum acceptable EGP hello intervals. Specify this value as a time in seconds; minutes and seconds; or hours, minutes, and seconds.
minpoll Specifies the minimum acceptable EGP poll intervals.

The LocalAddress is used to set the address to a local address that is used when there is a choice of interfaces. If you do not specify the local address, it defaults to whichever interface is shared with the neighbor. If a network is not shared with the neighbor, use the gateway clause to specify the next-hop gateway to use when installing routes learned from this neighbor. In this case, the default interface is the one shared with the specified gateway.

The default metric is 255. The default preference is 200.

Using the gated Daemon with the Border Gateway Protocol (BGP)

The following protocol statement configures the BGP for the gated daemon:

bgp yes | no | on | off [ {
        [ preference Preference; ]
        [ defaultmetric Metric; ]
        [ traceoptions TraceOptions; ]
        [ group type external | internal | igp | test peeras PeerAs
                [ metricout Metric ]
                [ localas LocalAs ]
                [ nogendefault ]
                [ gateway Gateway ]
                [ preference Preference ]
                [ lcladdr LocalAddress ]
                [ holdtime Time ]
                [ traceoptions TraceOptions ]
                [ version Version ]
                [ passive ]
                [ importdefault ]
                [ exportdefault ]
                [ sendbuffer BufSize ]
                [ recvbuffer BufSize ]
                [ spoolbuffer BufSize ]
                [ keepall ]
        {
                [ allow { DestinationMask ... } ; ]
                [ peer Host
                        [ metricout Metric ]
                        [ localas LocalAs ]
                        [ nogendefault ]
                        [ gateway Gateway ]
                        [ preference Preference ]
                        [ lcladdr LocalAddress ]
                        [ holdtime Time ]
                        [ traceoptions TraceOptions ]
                        [ version Version ]
                        [ passive ]
                        [ importdefault ]
                        [ exportdefault ]
                        [ sendbuffer BufSize ]
                        [ recvbuffer BufSize ]
                        [ spoolbuffer BufSize ]
                        [ keepall ]
                ; ]
        } ;
        . . . ]
} ] ;

The BGP peers are assigned to groups based on the type and peeras options. It is not possible to have two groups with the same type and peeras. Peer specifies the address of each BGP peer. Group provides the default for all peers within that group.

The peeras option is the autonomous system expected from a peer. The metricout option is the default metric used when sending to a peer. The localas clause specifies the autonomous system advertised to this peer. The default is the system that was set globally. The nogendefault option specifies that this peer should not cause the automatic default to be generated.

The LocalAddress specifies the address to use on the local end of the TCP connection with the peer. For external peers, the local address must be on an interface that is shared with the peer (or for a non-local peer's configured next-hop gateway when the gateway option is used to specify this) and a session with the peer is opened only when an interface with the appropriate local address through which the peer (gateway) address is directly reachable is operating. For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are only recognized as matching a configured peer if they are addressed to the configured local address.

The remaining options have the following values:

holdtime Specifies the BGP holdtime to use with this peer. The default hold time is 180.
importdefault, exportdefault Controls whether the default network (0.0.0.0) can be exchanged with this peer.
keepall Retains routes learned from a peer that contains one of our autonomous system numbers in their path.
passive Specifies that active opens to this peer should not be attempted.
recvbuffer Controls the amount of buffering asked of the kernel. By default, the maximum supported buffer is configured, up to 65335 bytes.
sendbuffer Controls the amount of buffering asked of the kernel. The default is to configure the maximum supported buffer, up to 65335 bytes.
spoolbuffer Indicates that BGP should buffer data for peers when the kernel queues are full; the default is to break the connection. These options are normally not needed on properly functioning systems.
traceoptions Specifies tracing options for this peer.
version Specifies the version of the BGP protocol to use with this peer. If you do not specify a version, the highest supported version is used first and version negotiation is attempted. The default is 3.

If you do not specify a metric option, the default is not to send a metric. The default preference option is 170.

Using the gated Daemon with the Internet Control Message Protocol (ICMP)

The following protocol statement controls how the gated daemon responds to ICMP redirects:

redirect yes | no | on | off {
                   preference Preference ;
                   interface InterfaceList [ noredirects ] ;
                   trustedgateways GatewayList ;
                   traceoptions TraceOptions ;
};

When the gated daemon is functioning as a router (that is, when any of the interior routing protocols RIP, HELLO, or OSPF is participating in routing on any interface), ICMP redirects are disabled. When ICMP redirects are disabled, the gated daemon must actively remove the effects of redirects from the kernel, because the kernel always processes ICMP redirects.

The default Preference parameter is 30.

Using the gated Daemon with the Simple Network Management Protocol (SNMP)

The following protocol statement specifies whether the gated daemon tries to contact the SNMP daemon to register supported variables.

snmp yes | no | on | off {
                   preference Preference;
                   traceoptions TraceOptions;
                   port Port;
};

The default snmp value is on. The default Preference parameter is 50. The default Port parameter is 199 (SMUX).

Static Statements

static {
                    DestinationMask gateway Gateway [ Gateway2 [ Gateway3 [ ... ] ] ]
                                     [ interface InterfaceList ]
                                     [ preference Preference ]
                                     [ retain ] [ reject ] [ blackhole ] [ noinstall ];
                   ...
                   DestinationMask interface Interface [ preference
                                     Preference ] [ retain ] [ reject ] [ blackhole ] [ noinstall ];
                   ...
};

You can define any number of static statements. Each statement can contain any number of static route definitions. The first form defines a static route through one or more gateways. If you specify multiple gateways, they are limited by the number of multipath destinations supported, which is always 1. Only gateways on interfaces that are configured and up are used.

The second form defines a static interface route that is used for primitive support of multiple networks on one interface.

The interface list on the first form restricts static routes to a specific set of interfaces. The options in these forms have the following values:

retain Causes the route to be retained in the kernel after the gated daemon is shut down.
reject Causes all packets to this route to be rejected.
blackhole Causes all packets to this route to be silently discarded.
noinstall Prevents the route from being installed in the kernel.

The Preference option for static routes defaults to 60.

Control Statements

Import and export clauses control importation of routes from routing protocol peers and export of routes to routing protocol peers. These clauses have the following form:

import proto bgp | egp as AutonomousSystem restrict;
import proto bgp | egp as AutonomousSystem
                   [ preference Preference ] {
                   ImportList
};

import proto bgp aspath AspathSpec restrict;
import proto bgp aspath AspathSpec
                   [ preference Preference ] {
                   ImportList
};

import proto rip | hello | redirect restrict;
import proto rip | hello | redirect
                   [ preference Preference ] {
                   ImportList
};

import proto rip | hello | redirect interface InterfaceList restrict;
import proto rip | hello | redirect interface InterfaceList
                   [ preference Preference ] {
                   ImportList
};

import proto rip | hello | redirect gateway GatewayList restrict;
import proto rip | hello | redirect gateway GatewayList
                   [ preference Preference ] {
                   ImportList
};

import proto ospfase [ tag OspfTag ] restrict;
import proto ospfase [ tag OspfTag ]
                   [ preference Preference ] [ {
                   ImportList
} ] ;

If an OSPF type is specified, only routes of that type are considered for import. Otherwise, either import or export types are considered. If an OspfTag specification is given, only routes matching that tag specification are considered. Otherwise, any tag is considered. An OSPF tag specification is a decimal, hexadecimal, or dotted quad number.

If you specify more than one import statement relevant to a protocol, they are processed from most specific to least specific (that is, for RIP and HELLO, gateway, interface, and protocol), then in the order specified in the gated.conf file.

An ImportList consists of zero or more destinations (with optional mask). You can specify restrict to prevent a set of destinations from being imported or a specific preference for this set of destinations. The format of this set is as follows:

DestinationMask [ [ restrict ] | [ preference Preference ] ] ;

The contents of an import list are sorted internally so that entries with the most specific masks are examined first. The order in which the DestinationMask entries are specified does not matter.

If you do not specify an ImportList, all routes are accepted. If an import list is specified, the import list is scanned for a matching route. If no match is found, the route is discarded. An all restrict entry is assumed in an import list.
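
The following Python model is an added illustration, not part of the AIX documentation or the gated source. It evaluates a route against an ImportList as described above: most specific mask first, written order irrelevant, and discard when nothing matches. The sample list, the name evaluate_import, the CIDR notation, and the rule that an entry matches any route lying inside its network are assumptions made for the example.

```python
import ipaddress

# Constructed sample ImportList: (DestinationMask, action). The action is
# "restrict", an integer preference, or None (use the statement's preference).
SAMPLE_IMPORT_LIST = [
    ("10.0.0.0/8", "restrict"),
    ("10.20.0.0/16", 120),
    ("192.0.2.0/24", None),
]


def evaluate_import(route, import_list, statement_preference=170):
    """Return the preference given to `route`, or None if it is discarded.

    statement_preference stands for the preference on the import statement;
    170 is the BGP default preference quoted on this page.
    """
    dest = ipaddress.ip_network(route)
    if import_list is None:
        # No ImportList on the statement: all routes are accepted.
        return statement_preference
    entries = [(ipaddress.ip_network(net), action) for net, action in import_list]
    # Entries with the most specific masks are examined first, so the order
    # in which they were written does not matter.
    entries.sort(key=lambda entry: entry[0].prefixlen, reverse=True)
    for net, action in entries:
        # Assumption: an entry matches a route that lies inside its network.
        if dest.version == net.version and dest.subnet_of(net):
            if action == "restrict":
                return None
            return statement_preference if action is None else action
    # Nothing matched: the assumed "all restrict" entry discards the route.
    return None


if __name__ == "__main__":
    for candidate in ("10.20.5.0/24", "10.9.0.0/16", "192.0.2.0/24", "198.51.100.0/24"):
        print(candidate, "->", evaluate_import(candidate, SAMPLE_IMPORT_LIST))
```

Because a list that is present discards everything it does not name, a route from a peer is accepted only when an entry explicitly covers it.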

export proto bgp | egp as AutonomousSystem restrict;
export proto bgp | egp as AutonomousSystem
                   [ metric Metric ] {
                   Export List
};

export proto rip | hello restrict;
export proto rip | hello
                    [ metric Metric ] {
                   Export List
};

export proto rip | hello interface InterfaceList restrict;
export proto rip | hello interface InterfaceList
                    [ metric Metric ] {
                   Export List
};

export proto rip | hello gateway GatewayList restrict;
export proto rip | hello gateway GatewayList
                    [ metric Metric ] {