Contains configuration information for the gated daemon.
The /etc/gated.conf file contains configuration information for the gated daemon. The file contains a sequence of statements. Statements are composed of tokens separated by white space. You can create white space using any combination of blanks, tabs, and new lines. The gated.conf file supports eight classes of statements:
directive | Identify include files and the directories that contain them. The parser acts immediately upon directive statements. |
trace | Control tracing options. |
option | Specify global options. |
interface | Specify interface options. |
definition | Specify options, the autonomous system, and martian networks. |
protocol | Enable or disable protocols and set protocol options. |
route | Define static routes. |
control | Define routes imported to and exported from routing peers. |
You terminate a statement with a ; (semicolon), except for directive statements. You terminate directive statements with a newline character.
You can specify directive and trace statements in any order in the gated.conf file. The remaining classes must be specified in order: trace, option, interface, definition, protocol, static route, and control.
You can specify comments in the gated.conf file using a # (pound sign) or C programming comments. To create a comment with a pound sign, place the pound sign at the beginning of the line; the system ignores everything to the end of the line. C comments can appear anywhere on a line. A C comment starts with /* (slash asterisk) and continues until it ends with */ (asterisk slash).
Statements are constructed using a number of primitives. These primitives are the following:
Directive statements specify include files and the directories they reside in. Directive statements end with a newline. The following are directive statements:
The following trace statements control tracing options and specify trace-output level:
Option statements specify global options. An option statement has the following form:
The OptionsList parameter sets gated daemon options. The following are valid options:
noinstall | Do not change the kernel's routing table. This option is useful for verifying configuration files. |
gendefault | Generates a default route when the BGP and EGP neighbors are up. This route is not installed in the kernel's routing table. This route may be announced by other protocols. You can do this by referencing the special Default protocol. |
nosend | Do not send any packets. This option allows you to run the gated daemon on a live network to test protocol interactions without actually participating in the routing protocols. You can examine the packet traces in the gated log to verify that the daemon is functioning properly. This option is most useful for the RIP, HELLO, and SMUX SNMP interfaces. This option does not apply to BGP packets. |
noresolv | Do not try to resolve symbolic names into IP addresses by using the host table, the network table, or the Domain Name System (DNS). This option is intended for systems where a lack of routing information could cause a DNS lookup to hang. |
syslog | Controls the amount of data the gated daemon logs using the syslog subroutine on systems where the setlogmask subroutine is supported. See the setlogmask subroutine for more information about log levels. The default is equivalent to syslog upto info. |
Interface statements specify interface options. Interface statements have the following form:
interface {
    options [ strictifs ] [ scaninterval Time ];
    interface InterfaceList InterfaceOptions;
    define Address [ broadcast Address | pointopoint LocalAddress ] [ netmask Netmask ] [ multicast ];
};
The interface statement clauses have the following values:
The following definition statements specify options, the autonomous system, martian networks, and interface options:
autonomoussystem AutonomousSystem; | Sets the autonomous system of the router to the AutonomousSystem value. This option is required when using the BGP or EGP protocol. |
martian { MartianList } ; | Defines a list of martian addresses about which all routing information is ignored. The MartianList value consists of symbolic or numeric hosts with optional masks. Each address is separated by a ; (semicolon). |
routerid Host | Sets the router identifier for use by the BGP or OSPF protocols. The default is the address of the first interface encountered by the gated daemon. The address of a non-POINTOPOINT interface is preferred over the local address of a POINTOPOINT interface, and an address on a loopback interface that is not the loopback address (127.0.0.1) is most preferred. |
This section explains the configuration options for routing protocols. These options enable or disable the use of a protocol and control protocol options. Protocol statements may be specified in any order. The protocol statements consist of one of the following protocol names:
For all protocols, preference controls the choice of routes learned with this protocol or from this autonomous system in relation to routes learned from other protocols or autonomous systems. The default metric used when propagating routes learned from other protocols is specified with defaultmetric which itself defaults to the highest valid metric. For many protocols, this signifies a lack of reachability.
For distance vector IGPs with no explicit connections or authentication (RIP and HELLO) and redirects (ICMP), the trustedgateways clause supplies a list of gateways providing valid routing information. Routing packets from other gateways are ignored. This defaults to all gateways on the attached networks.
Routing packets can be sent not only to the remote end of point-to-point links and the broadcast address of broadcast-capable interfaces, but also to specific gateways if they are listed in the sourcegateways clause and yes or on is specified. If nobroadcast is specified, routing updates are sent only to gateways listed in the sourcegateways clause and not at all to the broadcast address. You can disable the transmission and reception of routing packets for a particular protocol with the interface clause. An interface clause that disables sending or receiving protocol packets can be overridden for specific peers using the trustedgateways and sourcegateways clauses.
For exterior protocols (BGP, EGP), the autonomous system advertised to the peer is specified by the global autonomoussystem clause unless it is overridden by the asout option. The incoming autonomous system number is not verified unless peeras is specified. Specifying metricout fixes the outgoing metric for all routes propagated to this peer. If the peer does not share a network, you can use interface to specify the interface address to use when communicating with this peer. Use gateway to specify the next hop to use for all routes learned from this peer. An internal default is generated when routing information is learned from a peer unless you specify the nogendefault option.
Any protocol can have a traceoptions clause. This clause enables tracing for a particular protocol, group, or peer. The following are the protocol-specific options:
The following protocol statement configures the Routing Information Protocol (RIP) for the gated daemon:
rip yes|no|on|off [ {
If you do not specify the rip clause, the default is rip on. The nobroadcast option specifies that RIP packets are sent to gateways listed in the sourcegateways clause, if there are any. If you specify yes or on, RIP assumes nobroadcast if there is only one interface and broadcast if there is more than one. The broadcast option specifies that RIP packets are always generated. The nocheckzero option specifies that RIP should not ensure that the reserved fields in RIP packets are zero.
Note: Using the broadcast option with only one interface is useful only when propagating static routes or routes learned from another protocol. This will cause data packets to travel across the same network twice. This behavior may be tolerable in certain configurations.
If the version is specified as or defaults to 1, RIP version 2 packets are never sent except in response to a v2 POLL packet. If the version is specified as 2, RIP version 2 packets are sent to the RIP multicast address if possible, or the broadcast address, unless the method is explicitly specified.
The default Metric is 16. The default Preference is 100.
The following protocol statement configures the Defense Communications Network Local-Network Protocol (HELLO) for the gated daemon:
hello yes|no|on| off [ {
If you specify the yes or on option, HELLO assumes nobroadcast if there is only one interface and broadcast if there is more than one. If the HELLO clause is not specified, the default is hello off. The broadcast option specifies that HELLO will be generated. The nobroadcast option specifies that HELLO packets be sent to gateways listed in the sourcegateways clause, if there are any.
Note: Using the broadcast option with only one interface is useful only when propagating static routes or routes learned from another protocol. This causes data packets to travel across the same network twice.
The default metricout option is 0. The default metricin option is a translation of the kernel interface metric into a hello metric plus 100 (the default HELLO hop count).
The default Metric is 30000. The default Preference is 90.
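The following Python sketch is an added example, not part of the gated documentation or the gated source. It strips comments the way this file describes, splits the file into top-level statements, and reports RIP or HELLO running without a trustedgateways clause, applying the defaults stated above (rip on, hello off when the clause is absent). The clause layout inside the braces and the sample configuration are assumptions constructed for illustration; directive statements are not handled.

```python
import re

ON = {"yes", "on"}

def strip_comments(text):
    # '#' comments start at the beginning of a line; C comments may appear anywhere.
    text = re.sub(r"(?m)^[ \t]*#.*$", "", text)
    return re.sub(r"/\*.*?\*/", " ", text, flags=re.S)

def top_level_statements(text):
    """Split into statements: token lists ended by ';' at brace depth 0."""
    stmts, cur, depth = [], [], 0
    for tok in re.findall(r"[{};]|[^\s{};]+", strip_comments(text)):
        if tok == "{":
            depth += 1
        elif tok == "}":
            depth -= 1
        if tok == ";" and depth == 0:
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok)
    return stmts

def audit_trusted_gateways(text):
    """Report RIP/HELLO instances that accept updates from any attached gateway."""
    # Defaults from the text: rip is on and hello is off when the clause is absent.
    state = {"rip": (True, False), "hello": (False, False)}
    for stmt in top_level_statements(text):
        proto = stmt[0].lower()
        if proto in state and len(stmt) > 1:
            state[proto] = (stmt[1].lower() in ON, "trustedgateways" in stmt)
    return [f"{p}: enabled without trustedgateways"
            for p, (on, trusted) in sorted(state.items()) if on and not trusted]

# Constructed sample configuration (assumed clause layout, documentation addresses).
SAMPLE = """\
# constructed sample, not from the original page
autonomoussystem 64512 ;
/* hello is enabled
   without a gateway list */
hello yes { broadcast ; } ;
rip yes {
    nobroadcast ;
    trustedgateways 192.0.2.1 192.0.2.2 ;
} ;
"""

if __name__ == "__main__":
    for finding in audit_trusted_gateways(SAMPLE):
        print(finding)
```

Note that an empty file is also reported for RIP, because RIP is on by default and then accepts routing packets from every gateway on the attached networks.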
These clauses have the following values:
Interface | Specifies an interface. You can specify an address, a name, a wildcard name (name without any number), or all. You can specify multiple interface clauses with different parameters; the parameters used are accumulated from the interface clauses. If a parameter is specified more than once, the instance with the most specific interface reference is used. The order of precedence is address, name, wildcard name, and all. |
Cost | Specifies an OSPF internal cost. This value must be a number between 0 and 65535. |
Tag | Identifies an OSPF tag. This number is placed on all routes exported by the gated daemon into OSPF. The tag is an unsigned 31-bit number. |
AsTag | Identifies an OSPF-BGP tag. This number is placed on all routes exported by the gated daemon into OSPF. When tag as or AsTag is used, tag fields are automatically generated and the AsTag field is assigned if specified. This number is an unsigned 12-bit number. |
Metric | Specifies an OSPF external (ASE) cost between 0 and 16777215. |
Area | Specifies a dotted quad or a number between 1 and 4294967295. Area 0 is always referred to as the backbone. |
AuthKey | Specifies an authorization key. This is 1 to 8 decimal digits separated by periods, a 1 to 8 byte hexadecimal string preceded by 0x or a one to eight character string in double quotes. |
Priority | Specifies a number between 0 and 255 that sets the priority of becoming the designated router on this interface. |
OSPF inter-area and intra-area routes are always imported into the gated routing table with a preference of 10. It is a violation of the protocol to do otherwise, so it is not possible to override this. OSPF Autonomous System External (ASE) routes are imported with a preference of 150. This default can be changed with the preference keyword in the defaults section. ASE routes are imported at a rate of 100 ASEs every 1 second; you can tune these parameters with the exportlimit and exportinterval parameters.
gated routes are exported to OSPF as ASEs with a default cost of 0 and a type of 1. By default, the tag is calculated from the AS path of the route being exported (TAG AS). You can change all of these in the defaults section.
Notes:
The following protocol statement configures the EGP for the gated daemon:
egp yes | no | on | off [ {
These clauses have the following values:
packetsize | Specifies the size, in bytes, of the largest EGP packet that can be accepted or sent. |
group | Lists a group of EGP peers in one autonomous system. You can specify any number of group clauses. Any parameters from the neighbor clause can be specified in the group clause to provide defaults for the group. |
maxup | Specifies the maximum number of peers that will be maintained in the Up state. |
importdefault | Tells the gated daemon to import the default route (0.0.0.0) in updates exchanged with an EGP neighbor. If not specified, the default network is ignored when exchanging EGP updates. |
exportdefault | Tells the gated daemon to export the default route (0.0.0.0) in updates exchanged with an EGP neighbor. If not specified, the default network is ignored when exchanging EGP updates. |
sourcenet | Specifies the network to query in EGP Poll packets. This value is normally the shared network. |
minhello | Specifies the minimum acceptable EGP hello intervals. Specify this value as a time in seconds; minutes and seconds; or hours, minutes, and seconds. |
minpoll | Specifies the minimum acceptable EGP poll intervals. |
The LocalAddress is used to set the address to a local address that is used when there is a choice of interfaces. If you do not specify the local address, it defaults to whichever interface is shared with the neighbor. If a network is not shared with the neighbor, use the gateway clause to specify the next-hop gateway to use when installing routes learned from this neighbor. In this case, the default interface is the one shared with the specified gateway.
The default metric is 255. The default preference is 200.
The following protocol statement configures the BGP for the gated daemon:
bgp yes| no | on | off [ {
The BGP peers are assigned to groups based on the type and peeras options. It is not possible to have two groups with the same type and peeras. Peer specifies the address of each BGP peer. Group provides the default for all peers within that group.
The peeras option is the autonomous system expected from a peer. The metricout option is the default metric used when sending to a peer. The localas clause specifies the autonomous system advertised to this peer. The default is the system that was set globally. The nogendefault option specifies that this peer should not cause the automatic default to be generated.
The LocalAddress specifies the address to use on the local end of the TCP connection with the peer. For external peers, the local address must be on an interface that is shared with the peer (or for a non-local peer's configured next-hop gateway when the gateway option is used to specify this) and a session with the peer is opened only when an interface with the appropriate local address through which the peer (gateway) address is directly reachable is operating. For other types of peers, a peer session is maintained when any interface with the specified local address is operating. In either case, incoming connections are only recognized as matching a configured peer if they are addressed to the configured local address.
The remaining options have the following values:
holdtime | Specifies the BGP holdtime to use with this peer. The default hold time is 180. |
importdefault, exportdefault | Controls whether the default network (0.0.0.0) can be exchanged with this peer. |
keepall | Retains routes learned from a peer that contains one of our autonomous system numbers in their path. |
passive | Specifies that active opens to this peer should not be attempted. |
recvbuffer | Controls the amount of buffering asked of the kernel. By default, the maximum supported buffer is configured, up to 65335 bytes. |
sendbuffer | Controls the amount of buffering asked of the kernel. The default is to configure the maximum supported buffer, up to 65335 bytes. |
spoolbuffer | Indicates that BGP should buffer data for peers when the kernel queues are full; the default is to break the connection. These options are normally not needed on properly functioning systems. |
traceoptions | Specify tracing options for this peer. |
version | Specifies the version of the BGP protocol to use with this peer. If you do not specify a version, the highest supported version is used first and version negotiation is attempted. The default is 3. |
If you do not specify a metric option, the default is not to send a metric. The default preference option is 170.
The following protocol statement controls how the gated daemon responds to ICMP redirects:
redirect yes | no | on | off [ {
When functioning as a router (that is, when any interior routing protocol (RIP, HELLO, OSPF) is participating in routing on any interface), ICMP redirects are disabled. When ICMP redirects are disabled, the gated daemon must actively remove the effects of redirects from the kernel, as the kernel always processes ICMP redirects.
The default Preference parameter is 30.
The following protocol statement specifies whether the gated daemon tries to contact the SNMP daemon to register supported variables.
snmp yes | no | on | off [ {
The default snmp value is on. The default Preference parameter is 50. The default Port parameter is 199 (SMUX).
You can define any number of static statements. Each statement can contain any number of static route definitions. The first form defines a static route through one or more gateways. If you specify multiple gateways, they are limited by the number of multipath destinations supported; this is always 1. Only gateways on interfaces that are configured and up are used.
The second form defines a static interface route that is used for primitive support of multiple networks on one interface.
The interface list on the first form restricts static routes to a specific set of interfaces. The options in these forms have the following values:
retain | Causes the route to be retained in the kernel after the gated daemon is shut down. |
reject | Causes all packets to this route to be rejected. |
blackhole | Causes all packets to this route to be silently discarded. |
noinstall | Prevents the route from being installed in the kernel. |
The Preference option for static routes defaults to 60.
Import and export clauses control importation of routes from routing protocol peers and export of routes to routing protocol peers. These clauses have the following form:
import proto bgp | egp as AutonomousSystem restrict;
If an OSPF type is specified, only routes of that type are considered for import. Otherwise, either import or export types are considered. If an OspfTag specification is given, only routes matching that tag specification are considered. Otherwise, any tag is considered. An OSPF tag specification is a decimal, hexadecimal or dotted quad number.
If you specify more than one import statement relevant to a protocol, they are processed from most specific to least specific (that is, for RIP and HELLO, gateway, interface, and protocol), then in the order specified in the gated.conf file.
An ImportList consists of zero or more destinations (with optional mask). You can specify restrict to prevent a set of destinations from being imported or a specific preference for this set of destinations. The format of this set is as follows:
DestinationMask [ [ restrict ] | [ preference Preference ] ] ;
The contents of an import list are sorted internally so that entries with the most specific masks are examined first. The order in which the DestinationMask entries are specified does not matter.
If you do not specify an ImportList, all routes are accepted. If an import list is specified, the import list is scanned for a matching route. If no match is found, the route is discarded. An allrestrict entry is assumed in an import list.
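The matching rules above can be modelled in a few lines of Python. This is an added example, not gated's own code: it sorts entries so the most specific mask is examined first, honours restrict and preference, accepts everything when no list is given, and discards unmatched routes. CIDR notation stands in for DestinationMask, a route is assumed to match an entry when it lies inside that entry's network, and the sample list and addresses are constructed.

```python
import ipaddress

def parse_import_list(text):
    """Parse 'DestinationMask [restrict | preference N] ;' entries (CIDR stand-in)."""
    entries = []
    for item in (s.split() for s in text.split(";")):
        if not item:
            continue
        net = ipaddress.ip_network(item[0])
        if item[1:] == ["restrict"]:
            action = ("restrict", None)
        elif len(item) == 3 and item[1] == "preference":
            action = ("accept", int(item[2]))
        elif len(item) == 1:
            action = ("accept", None)
        else:
            raise ValueError(f"bad entry: {' '.join(item)}")
        entries.append((net, action))
    # Most specific masks are examined first, whatever order they were written in.
    return sorted(entries, key=lambda e: e[0].prefixlen, reverse=True)

def import_decision(route, import_list, default_preference):
    """Return the preference for an accepted route, or None if it is discarded."""
    if import_list is None:                 # no ImportList: all routes are accepted
        return default_preference
    net = ipaddress.ip_network(route)
    for dest, (verdict, pref) in import_list:
        if net.subnet_of(dest):             # assumed match rule: route inside entry
            if verdict == "restrict":
                return None
            return default_preference if pref is None else pref
    return None                             # implicit "all restrict" at the end

# Constructed sample list; entry order is deliberately least specific first.
SAMPLE_LIST = "10.0.0.0/8 ; 10.1.0.0/16 restrict ; 10.1.2.0/24 preference 50 ;"
RIP_DEFAULT_PREFERENCE = 100                # RIP default preference from this page

if __name__ == "__main__":
    rules = parse_import_list(SAMPLE_LIST)
    for r in ("10.1.2.0/24", "10.1.3.0/24", "10.2.0.0/16", "192.0.2.0/24"):
        print(r, import_decision(r, rules, RIP_DEFAULT_PREFERENCE))
```

The last sample route shows the filtering property that matters operationally: once any import list exists, a route outside every listed destination is dropped rather than accepted.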
export proto bgp | egp as AutonomousSystem restrict;
export proto bgp | egp as AutonomousSystem