.. DO NOT EDIT: this file is automatically created by /utils/build_doc

Examples of configurations
==========================

Default
-------

Configurations built using the default ``general.yml`` and ``clients.yml`` files distributed with the project.

https://github.com/pierky/arouteserver/blob/master/examples/default

See the `textual representation (HTML) of this configuration <_static/examples_default.html>`__.

Feature-rich example
--------------------

Configurations built using the files provided in the ``examples/rich`` directory.

- GTSM and ADD-PATH are enabled by default on the route server.

- Next-hop filtering allows clients to set NEXT_HOP of any client in the same AS.

- Local networks are filtered, as are transit-free ASNs, "never via route-servers" networks, invalid paths and prefixes/origin ASNs which are not authorized by clients' AS-SETs (which are fetched from PeeringDB).

- The dataset used for prefix validation is extended using the NIC.BR Whois DB dump and RPKI ROAs.

- RPKI-based Origin Validation is enabled; INVALID routes are rejected.

- RFC9234 route leak prevention using roles is configured.

- A max-prefix limit is enforced on the basis of PeeringDB information.

- Blackhole filtering is implemented with a rewrite-next-hop policy and can be triggered with BGP communities BLACKHOLE, 65534:0 and 999:666:0.

- Control communities allow selective announcement control and prepending, also on the basis of peers' RTT.

- 32-bit ASNs are mapped to 16-bit ASNs for use in standard BGP communities.

- Graceful BGP session shutdown is enabled.

- Client timers are configured using the custom, site-specific .local file.

- Informational custom BGP communities are used to tag routes from European or American clients.

Please note: to keep the configuration files built in this example readable, the set of RPKI ROAs is artificially limited to only a few of them.
https://github.com/pierky/arouteserver/blob/master/examples/rich

See the `textual representation (HTML) of this configuration <_static/examples_rich.html>`__.

BIRD hooks example
------------------

The BIRD configurations provided in this example have been generated with BIRD hooks enabled:

.. code-block:: console

   $ arouteserver bird --ip-ver 4 --use-local-files header --use-hooks pre_receive_from_client post_receive_from_client [...]

The above list of hooks passed to the ``bird`` command has been truncated for the sake of readability; the complete list used in this example is provided below.

The command line argument ``--use-local-files`` enables the ``header`` inclusion point, in order to add the ``include "/etc/bird/header.local";`` configuration statement to the BIRD configuration generated by ARouteServer.

.. code-block:: none
   :emphasize-lines: 11

   define rs_as = 999;

   log "/var/log/bird.log" all;
   log syslog all;
   debug protocols all;

   protocol device {};

   table master sorted;

   include "/etc/bird/header.local";

   ...

This file must be present on the route server where BIRD is executed and must contain the custom functions used to implement the hooks. See the ``header.local`` file for the function declarations.

List of hooks used in this example:

- pre_receive_from_client
- post_receive_from_client
- pre_announce_to_client
- post_announce_to_client
- scrub_communities_in
- scrub_communities_out
- apply_blackhole_filtering_policy
- route_can_be_announced_to
- announce_rpki_invalid_to_client

https://github.com/pierky/arouteserver/blob/master/examples/bird_hooks

Clients from Euro-IX member list JSON file
------------------------------------------

Some clients files automatically built from Euro-IX member list JSON files are reported here.

https://github.com/pierky/arouteserver/blob/master/examples/clients-from-euroix

``configure`` command output
----------------------------

The ``configure`` command can be used to quickly generate policy definition files (*general.yml*) which are based on suggested settings and best practices.

A list of BGP communities is also automatically built.

.. code-block:: console

   $ arouteserver configure --output examples/auto-config/bird-general.yml

   BGP daemon
   ==========

   Depending on the BGP daemon used for the route server some features may not be
   available.

   Details here:
   https://arouteserver.readthedocs.io/en/latest/CONFIG.html#caveats-and-
   limitations

   Which BGP daemon will be used? [bird/openbgpd] bird
   Which version? [1.6.3/1.6.4/1.6.6/1.6.7/1.6.8/2.0.7/2.0.7+b962967e/2.0.8/2.0.9/2.0.10/2.0.11/2.13/2.14/2.15/2.16/2.17.1/3.0/3.1.2] 2.17.1

   Router server's ASN
   ===================

   What's the ASN of the route server? 64496

   Route server's BGP router-id
   ============================

   Please enter the route server BGP router-id: 192.0.2.1

   List of local networks
   ======================

   A list of local IPv4/IPv6 networks must be provided here: routes announced by
   route server clients for these prefixes will be filtered out.

   Please enter a comma-separated list of local networks: 192.0.2.0/24,2001:db8::/32

   Route server policy definition file generated successfully!
   ===========================================================

   The content of the general configuration file will now be written to
   examples/auto-config/bird-general.yml

   Some notes:

    - Accepted prefix lengths are 8-24 for IPv4 and 12-48 for IPv6.
    - Routes with 'transit-free networks' or 'never via route-server' (PeeringDB) ASNs in the middle of AS_PATH are rejected.
    - IRR-based filters are enabled; prefixes that are more specific of those registered are accepted.
    - PeeringDB is used to fetch AS-SETs for those clients that are not explicitly configured.
    - RPKI ROAs are used as if they were route objects to further enrich IRR data.
    - NIC.BR Whois database dump is fetched from Registro.br to further enrich IRR data.
    - RPKI BGP Origin Validation is enabled. INVALID routes are rejected.
    - PeeringDB is used to fetch networks prefix count.
    - Route leak prevention using roles (RFC9234) is enabled.
    - Routes tagged with the GRACEFUL_SHUTDOWN well-known community (65535:0) are processed accordingly to draft-ietf-grow-bgp-gshut.

The textual description (HTML and Markdown) generated on the basis of the *general.yml* files produced by this command is also reported here.

https://github.com/pierky/arouteserver/blob/master/examples/auto-config

- bird-general.yml.html: see the `textual representation (HTML) of this configuration <_static/examples_auto-config_bird-general.yml.html>`__.

- openbgpd-general.yml.html: see the `textual representation (HTML) of this configuration <_static/examples_auto-config_openbgpd-general.yml.html>`__.

IX-F Member Export files
------------------------

The files reported within this directory were generated using the ``ixf-member-export`` command.

https://github.com/pierky/arouteserver/blob/master/examples/ixf-member-export

BIRD v2/v3 and OpenBGPD RPKI RTR configuration
----------------------------------------------

This is an example of how to use BIRD v2/v3 or OpenBGPD with an external source for RPKI ROAs based on the RTR protocol.

BIRD v2/v3 and OpenBGPD (starting with release 6.9) have built-in support for the RTR protocol, which allows the BGP daemon to connect directly to a local cache (a "validator").

To configure the daemons with ARouteServer in order to fetch ROAs using RTR, the ``rpki_roas.source`` option must be set to ``rtr`` and a local *rpki_rtr_config.local* file must be placed inside the same directory where the main configuration file is created (*/etc/bird* or */etc/bgpd* by default, or a custom one set using the ``--local-files-dir`` command line argument of ARouteServer).
The *rpki_rtr_config.local* file is expected to contain the snippet of BIRD or OpenBGPD configuration needed to set up one or more RTR sessions:

- BIRD v2/v3: https://bird.network.cz/?get_doc&v=20&f=bird-6.html#ss6.13

  **Please note:** the tables into which ROAs will be injected must be named ``RPKI4`` and ``RPKI6``.

- OpenBGPD: https://man.openbsd.org/bgpd.conf#rtr

Example configurations are reported in the *rpki_rtr_config.local.BIRD* and *rpki_rtr_config.local.OpenBGPD* files that can be found within this directory.

https://github.com/pierky/arouteserver/blob/master/examples/rpki_rtr
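A pre-deployment check for the ``RPKI4``/``RPKI6`` table-name requirement described above, given as an added example (it is not part of ARouteServer or of the files in this directory): it parses a BIRD v2/v3 *rpki_rtr_config.local* snippet and reports RTR sessions whose ``roa4``/``roa6`` channels point at any other table, plus required tables that no session feeds. The sample snippet, the session names, the cache addresses and the helper name ``check_rtr_config`` are constructed for illustration.

```python
import re

# Table names the generated configuration expects, as stated above.
REQUIRED = {"roa4": "RPKI4", "roa6": "RPKI6"}

# Constructed sample; session names and cache addresses are placeholders.
SAMPLE = """
protocol rpki rtr_cache_a {
    roa4 { table RPKI4; };
    roa6 { table RPKI6; };
    remote 192.0.2.10 port 3323;
}
protocol rpki rtr_cache_b {
    roa4 { table r4; };        # not RPKI4
    roa6 { table RPKI6; };
    remote 192.0.2.11 port 3323;
}
"""

PROTO_RE = re.compile(r"protocol\s+rpki(?:\s+(\w+))?\s*\{")
CHANNEL_RE = re.compile(r"\b(roa[46])\s*\{\s*table\s+(\w+)\s*;\s*\}")

def strip_comments(text):
    """Remove /* ... */ and # comments so disabled lines are not counted."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"#[^\n]*", "", text)

def protocol_body(text, start):
    """Return the text from `start` up to the brace closing the block."""
    depth, pos = 1, start
    while pos < len(text) and depth:
        depth += {"{": 1, "}": -1}.get(text[pos], 0)
        pos += 1
    return text[start:pos - 1]

def check_rtr_config(text):
    """Return (wrong, unfed): mis-named tables and tables no session feeds."""
    text = strip_comments(text)
    wrong, fed = [], set()
    for match in PROTO_RE.finditer(text):
        body = protocol_body(text, match.end())
        for channel, table in CHANNEL_RE.findall(body):
            if table == REQUIRED[channel]:
                fed.add(channel)
            else:
                wrong.append((match.group(1) or "<unnamed>", channel, table))
    return wrong, sorted(set(REQUIRED) - fed)

if __name__ == "__main__":
    print(check_rtr_config(SAMPLE))
```

An empty ``wrong`` list together with an empty ``unfed`` list means every configured session writes to the expected tables and both address families are covered.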