Skip to main content

Configuration

Config

OptionTypeDefaultValidationDescription
peeringdb-query-timeoutuint10PeeringDB query timeout in seconds
irr-query-timeoutuint30IRR query timeout in seconds
bird-directorystring/etc/bird/Directory to store BIRD configs
bird-binarystring/usr/sbin/birdPath to BIRD binary
bird-socketstring/run/bird/bird.ctlUNIX control socket for BIRD
cache-directorystring/var/run/pathvector/cache/Directory to store runtime configuration cache
keepalived-configstring/etc/keepalived.confConfiguration file for keepalived
web-ui-filestringFile to write web UI to (disabled if empty)
log-filestringsyslogLog file location
portal-hoststringPeering portal host (disabled if empty)
portal-keystringPeering portal API key
hostnamestringRouter hostname (default system hostname)
asnint0requiredAutonomous System Number
prefixes[]stringList of prefixes to announce
communities[]stringList of RFC1997 BGP communities
large-communities[]stringList of RFC8092 large BGP communities
router-idstringrequiredRouter ID (dotted quad notation)
irr-serverstringrr.ntt.netInternet routing registry server
rtr-serverstringrtr.rpki.cloudflare.com:8282RPKI-to-router server
bgpq-argsstringAdditional command line arguments to pass to bgpq4
keep-filteredboolfalseShould filtered routes be kept in memory?
kernel-learnboolfalseShould routes from the kernel be learned into BIRD?
kernel-exportbooltrueExport routes to kernel routing table
merge-pathsboolfalseShould best and equivalent non-best routes be imported to build ECMP routes?
source4stringSource IPv4 address
source6stringSource IPv6 address
default-routebooltrueAdd a default route
accept-defaultboolfalseShould default routes be added to the bogon list?
kernel-tableintKernel table
rpki-enablebooltrueEnable RPKI RTR session
peersmap[string]PeerBGP peer configuration
templatesmap[string]PeerBGP peer templates
vrrpmap[string]VRRPInstanceList of VRRP instances
bfdmap[string]BFDInstanceBFD instances
augmentsAugmentsCustom configuration options
optimizerOptimizerRoute optimizer options

BFDInstance

OptionTypeDefaultValidationDescription
neighborstringNeighbor IP address
interfacestringInterface (pattern accepted)
intervaluint200RX and TX interval
multiplieruint10Number of missed packets for the state to be declared down

Peer

OptionTypeDefaultValidationDescription
templatestringConfiguration template
descriptionstringPeer description
disabledboolfalseShould the sessions be disabled?
asnint0requiredLocal ASN
neighbors[]stringrequired,ipList of neighbor IPs
prependsint0Number of times to prepend local AS on export
local-prefint100BGP local preference
multihopboolfalseShould BGP multihop be enabled? (255 max hops)
listen4stringIPv4 BGP listen address
listen6stringIPv6 BGP listen address
local-asnintLocal ASN as defined in the global ASN field
local-portint179Local TCP port
neighbor-portint179Neighbor TCP port
passiveboolfalseShould we listen passively?
directboolfalseSpecify that the neighbor is directly connected
next-hop-selfboolfalseShould BGP next-hop-self be enabled?
bfdboolfalseShould BFD be enabled?
passwordstringBGP MD5 password
rs-clientboolfalseShould this peer be a route server client?
rr-clientboolfalseShould this peer be a route reflector client?
remove-private-asnsbooltrueShould private ASNs be removed from path before exporting?
mp-unicast-46boolfalseShould this peer be configured with multiprotocol IPv4 and IPv6 unicast?
allow-local-asboolfalseShould routes originated by the local ASN be accepted?
add-path-txboolfalseEnable BGP additional paths on export?
add-path-rxboolfalseEnable BGP additional paths on import?
import-next-hopstringRewrite the BGP next hop before importing routes learned from this peer
export-next-hopstringRewrite the BGP next hop before announcing routes to this peer
confederationintBGP confederation (RFC 5065)
confederation-memberboolfalseShould this peer be a member of the local confederation?
ttl-securityboolfalseRFC 5082 Generalized TTL Security Mechanism
import-communities[]stringList of communities to add to all imported routes
export-communities[]stringList of communities to add to all exported routes
announce-communities[]stringAnnounce all routes matching these communities to the peer
remove-communities[]stringList of communities to remove before from routes announced by this peer
remove-all-communitiesintRemove all standard and large communities beginning with this value
as-prefsmap[uint32]uint32Map of ASN to import local pref (not included in optimizer)
as-setstringPeer's as-set for filtering
import-limit4int1000000Maximum number of IPv4 prefixes to import
import-limit6int200000Maximum number of IPv6 prefixes to import
enforce-first-asbooltrueShould we only accept routes who's first AS is equal to the configured peer address?
enforce-peer-nexthopbooltrueShould we only accept routes with a next hop equal to the configured neighbor address?
force-peer-nexthopboolfalseRewrite nexthop to peer address
max-prefix-actionstringdisableWhat action should be taken when the max prefix limit is tripped?
allow-blackhole-communityboolfalseShould this peer be allowed to send routes with the blackhole community?
filter-irrboolfalseShould IRR filtering be applied?
filter-rpkibooltrueShould RPKI invalids be rejected?
strict-rpkiboolfalseShould only RPKI valids be accepted?
filter-max-prefixbooltrueShould max prefix filtering be applied?
filter-bogon-routesbooltrueShould bogon prefixes be rejected?
filter-bogon-asnsbooltrueShould paths containing a bogon ASN be rejected?
filter-transit-asnsboolfalseShould paths containing transit-free ASNs be rejected? (Peerlock Lite)'
filter-prefix-lengthbooltrueShould too large/small prefixes (IPv4 8 > len > 24 and IPv6 12 > len > 48) be rejected?
filter-never-via-route-serversboolfalseShould routes containing an ASN reported in PeeringDB to never be reachable via route servers be filtered?
auto-import-limitsboolfalseGet import limits automatically from PeeringDB?
auto-as-setboolfalseGet as-set automatically from PeeringDB? If no as-set exists in PeeringDB, a warning will be shown and the peer ASN used instead.
honor-graceful-shutdownbooltrueShould RFC8326 graceful shutdown be enabled?
prefixes[]stringPrefixes to accept
announce-defaultboolfalseShould a default route be exported to this peer?
announce-originatedbooltrueShould locally originated routes be announced to this peer?
announce-allboolfalseShould all routes be exported to this peer?
session-globalstringConfiguration to add to each session before any defined BGP protocols
pre-importstringConfiguration to add at the beginning of the import filter
pre-exportstringConfiguration to add at the beginning of the export filter
pre-import-finalstringConfiguration to add immediately before the final accept/reject on import
pre-export-finalstringConfiguration to add immediately before the final accept/reject on export
probe-sources[]stringOptimizer probe source addresses
optimize-inboundboolfalseShould the optimizer modify inbound policy?

VRRPInstance

OptionTypeDefaultValidationDescription
statestringrequiredVRRP instance state ('primary' or 'backup')
interfacestringrequiredInterface to send VRRP packets on
vriduintrequiredRFC3768 VRRP Virtual Router ID (1-255)
priorityuintrequiredRFC3768 VRRP Priority
vips[]stringrequired,cidrList of virtual IPs

Augments

OptionTypeDefaultValidationDescription
accept4[]stringList of BIRD protocols to import into the IPv4 table
accept6[]stringList of BIRD protocols to import into the IPv6 table
reject4[]stringList of BIRD protocols to not import into the IPv4 table
reject6[]stringList of BIRD protocols to not import into the IPv6 table
staticsmap[string]stringList of static routes to include in BIRD
srd-communities[]stringList of communities to filter routes exported to kernel (if list is not empty, all other prefixes will not be exported)

Optimizer

OptionTypeDefaultValidationDescription
targets[]stringList of probe targets
latency-thresholduint100Maximum allowable latency in milliseconds
packet-loss-thresholdfloat640.5Maximum allowable packet loss (percent)
modifieruint20Amount to lower local pref by for depreferred peers
probe-countint5Number of pings to send in each run
probe-timeoutint1Number of seconds to wait before considering the ICMP message unanswered
probe-intervalint120Number of seconds wait between each optimizer run
cache-sizeint15Number of probe results to store per peer
probe-udpboolfalseUse UDP probe (else ICMP)
alert-scriptstringScript to call on optimizer event
exit-on-cache-fullboolfalseExit optimizer on cache full