-rw-r--r-- | doc/ChangeLog | 8
-rw-r--r-- | doc/quagga.info | 1040
-rw-r--r-- | doc/snmp.texi | 31
-rw-r--r-- | doc/snmptrap.texi | 203
4 files changed, 958 insertions, 324 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index dd8b7efe..4e9ae352 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,3 +1,11 @@ +2005-11-04 Paul Jakma <paul.jakma@sun.com> + + * snmptrap.texi: Contributed documentation, contributors name + is lost (please get in touch). Configuring SNMP for logging + traps. + * snmp.texi: Minor formatting changes. + * quagga.info: Update auto-built file + 2005-10-29 Paul Jakma <paul@dishone.st> * ospfd.texi: Document the new spf and max-metric commands, and diff --git a/doc/quagga.info b/doc/quagga.info index f3ca189e..ba1ccf8d 100644 --- a/doc/quagga.info +++ b/doc/quagga.info @@ -1,4 +1,5 @@ -This is quagga.info, produced by makeinfo version 4.8 from quagga.texi. +This is ../../../doc/quagga.info, produced by makeinfo version 4.8 from +../../../doc/quagga.texi. Copyright (C) 1999-2005 Kunihiro Ishiguro, et al. @@ -324,6 +325,9 @@ RFC2842 `Capabilities Advertisement with BGP-4. R. Chandra, J. Scudder. May 2000.' +RFC3137 + `OSPF Stub Router Advertisement, A. Retana, L. Nguyen, R. White, + A. Zinin, D. McPherson. June 2001' When SNMP support is enabled, below RFC is also supported. @@ -2041,10 +2045,11 @@ File: quagga.info, Node: OSPFv2, Next: OSPFv3, Prev: RIPng, Up: Top 7 OSPFv2 ******** -OSPF version 2 is a routing protocol which described in RFC2328 - `OSPF -Version 2'. OSPF is IGP (Interior Gateway Protocols). Compared with -RIP, OSPF can provide scalable network support and faster convergence -time. OSPF is widely used in large networks such as ISP backbone and +OSPF (Open Shortest Path First) version 2 is a routing protocol which +is described in `RFC2328, OSPF Version 2'. OSPF is an IGP (Interior +Gateway Protocol).. Compared with RIP, OSPF can provide scalable +network support and faster convergence times. OSPF is widely used in +large networks such as ISP (Internet Service Provider) backbone and enterprise networks. * Menu: 
@@ -2056,6 +2061,7 @@ enterprise networks. * Redistribute routes to OSPF:: * Showing OSPF information:: * Debugging OSPF:: +* OSPF Configuration Examples:: File: quagga.info, Node: Configuring ospfd, Next: OSPF router, Up: OSPFv2 @@ -2063,10 +2069,11 @@ File: quagga.info, Node: Configuring ospfd, Next: OSPF router, Up: OSPFv2 7.1 Configuring ospfd ===================== -There is no `ospfd' specific options. Common options can be specified -(*note Common Invocation Options::) to `ospfd'. `ospfd' needs -interface information from `zebra'. So please make it sure `zebra' is -running before invoking `ospfd'. +There are no `ospfd' specific options. Common options can be specified +(*note Common Invocation Options::) to `ospfd'. `ospfd' needs to +acquire interface information from `zebra' in order to function. +Therefore `zebra' must be running before invoking `ospfd'. Also, if +`zebra' is restarted then `ospfd' must be too. Like other daemons, `ospfd' configuration is done in OSPF specific configuration file `ospfd.conf'. 
@@ -2088,43 +2095,141 @@ writing, `ospfd' does not support multiple OSPF processes. -- OSPF Command: ospf router-id A.B.C.D -- OSPF Command: no ospf router-id + This sets the router-ID of the OSPF process. The router-ID may be + an IP address of the router, but need not be - it can be any + arbitrary 32bit number. However it MUST be unique within the + entire OSPF domain to the OSPF speaker - bad things will happen if + multiple OSPF speakers are configured with the same router-ID! If + one is not specified then `ospfd' will obtain a router-ID + automatically from `zebra'. -- OSPF Command: ospf abr-type TYPE -- OSPF Command: no ospf abr-type TYPE - TYPE can be cisco|ibm|shortcut|standard More information regarding - the behaviour controlled by this command can be found in - draft-ietf-ospf-abr-alt-05.txt and - draft-ietf-ospf-shortcut-abr-02.txt Quote: "Though the definition - of the Area Border Router (ABR) in the OSPF specification does not - require a router with multiple attached areas to have a backbone - connection, it is actually necessary to provide successful routing - to the inter-area and external destinations. If this requirement - is not met, all traffic destined for the areas not connected to - such an ABR or out of the OSPF domain, is dropped. This document - describes alternative ABR behaviors implemented in Cisco and IBM - routers." + TYPE can be cisco|ibm|shortcut|standard. + + More information regarding the behaviour controlled by this + command can be found in `RFC 3509, Alternative Implementations of + OSPF Area Border Routers', and + `draft-ietf-ospf-shortcut-abr-02.txt'. + + Quote: "Though the definition of the ABR (Area Border Router) in + the OSPF specification does not require a router with multiple + attached areas to have a backbone connection, it is actually + necessary to provide successful routing to the inter-area and + external destinations. 
If this requirement is not met, all traffic + destined for the areas not connected to such an ABR or out of the + OSPF domain, is dropped. This document describes alternative ABR + behaviors implemented in Cisco and IBM routers." + + The default ABR type is 'Cisco', allowing an ABR to consider + summaries from non-backbone areas if, and only if, it has lost its + link(s) to the backbone area. -- OSPF Command: ospf rfc1583compatibility -- OSPF Command: no ospf rfc1583compatibility - This rfc2328, the sucessor to rfc1583, suggests according to + This `RFC2328', the sucessor to `RFC1583', suggests according to section G.2 (changes) in section 16.4 a change to the path - preference algorithm that prevents possible routing loops that - were possible in the old version of OSPFv2. More specifically it - demands that inter-area paths and intra-area path are now of equal + preference algorithm that prevents possible routing loops that were + possible in the old version of OSPFv2. More specifically it demands + that inter-area paths and intra-area path are now of equal preference but still both preferred to external paths. + This command should NOT be set normally. + -- OSPF Command: passive interface INTERFACE -- OSPF Command: no passive interface INTERFACE + Do not speak OSPF interface on the given interface, but do + advertise the interface as a stub link in the router-LSA (Link + State Advertisement) for this router. This allows one to advertise + addresses on such connected interfaces without having to originate + AS-External/Type-5 LSAs (which have global flooding scope) - as + would occur if connected addresses were redistributed into OSPF, + *Note Redistribute routes to OSPF::. + + + -- OSPF Command: timers throttle spf DELAY INITIAL-HOLDTIME +MAX-HOLDTIME + -- OSPF Command: no timers throttle spf + This command sets the initial DELAY, the INITIAL-HOLDTIME and the + MAXIMUM-HOLDTIME between when SPF is calculated and the event + which triggered the calculation. 
The times are specified in + milliseconds and must be in the range of 0 to 600000 milliseconds. + + The DELAY specifies the minimum amount of time to delay SPF + calculation (hence it affects how long SPF calculation is delayed + after an event which occurs outside of the holdtime of any + previous SPF calculation, and also serves as a minimum holdtime). + + Consecutive SPF calculations will always be seperated by at least + 'hold-time' milliseconds. The hold-time is adaptive and initially + is set to the INITIAL-HOLDTIME configured with the above command. + Events which occur within the holdtime of the previous SPF + calculation will cause the holdtime to be increased by + INITIAL-HOLDTIME, bounded by the MAXIMUM-HOLDTIME configured with + this command. If the adaptive hold-time elapses without any + SPF-triggering event occuring then the current holdtime is reset + to the INITIAL-HOLDTIME. The current holdtime can be viewed with + *Note show ip ospf::, where it is expressed as a multiplier of the + INITIAL-HOLDTIME. - -- OSPF Command: timers spf <0-4294967295> <0-4294967295> - -- OSPF Command: no timers spf - - -- OSPF Command: refresh group-limit <0-10000> - -- OSPF Command: refresh per-slice <0-10000> - -- OSPF Command: refresh age-diff <0-10000> - - -- OSPF Command: auto-cost refrence-bandwidth <1-4294967> - -- OSPF Command: no auto-cost refrence-bandwidth + router ospf + timers throttle spf 200 400 10000 + + In this example, the DELAY is set to 200ms, the INITIAL HOLDTIME + is set to 400ms and the MAXIMUM HOLDTIME to 10s. Hence there will + always be at least 200ms between an event which requires SPF + calculation and the actual SPF calculation. Further consecutive SPF + calculations will always be seperated by between 400ms to 10s, the + hold-time increasing by 400ms each time an SPF-triggering event + occurs within the hold-time of the previous SPF calculation. + + This command supercedes the `timers spf' command in previous Quagga + releases. 
+ + -- OSPF Command: max-metric router-lsa [on-startup|on-shutdown] +<5-86400> + -- OSPF Command: max-metric router-lsa administrative + -- OSPF Command: no max-metric router-lsa +[on-startup|on-shutdown|administrative] + This enables `RFC3137, OSPF Stub Router Advertisement' support, + where the OSPF process describes its transit links in its + router-LSA as having infinite distance so that other routers will + avoid calculating transit paths through the router while still + being able to reach networks through the router. + + This support may be enabled administratively (and indefinitely) or + conditionally. Conditional enabling of max-metric router-lsas can + be for a period of seconds after startup and/or for a period of + seconds prior to shutdown. + + Enabling this for a period after startup allows OSPF to converge + fully first without affecting any existing routes used by other + routers, while still allowing any connected stub links and/or + redistributed routes to be reachable. Enabling this for a period + of time in advance of shutdown allows the router to gracefully + excuse itself from the OSPF domain. + + Enabling this feature administratively allows for administrative + intervention for whatever reason, for an indefinite period of time. + Note that if the configuration is written to file, this + administrative form of the stub-router command will also be + written to file. If `ospfd' is restarted later, the command will + then take effect until manually deconfigured. + + Configured state of this feature as well as current status, such + as the number of second remaining till on-startup or on-shutdown + ends, can be viewed with the *Note show ip ospf:: command. + + -- OSPF Command: auto-cost reference-bandwidth <1-4294967> + -- OSPF Command: no auto-cost reference-bandwidth + This sets the reference bandwidth for cost calculations, where this + bandwidth is considered equivalent to an OSPF cost of 1, specified + in Mbits/s. 
The default is 100Mbit/s (i.e. a link of bandwidth + 100Mbit/s or higher will have a cost of 1. Cost of lower bandwidth + links will be scaled with reference to this cost). + + This configuration setting MUST be consistent across all routers + within the OSPF domain. -- OSPF Command: network A.B.C.D/M area A.B.C.D -- OSPF Command: network A.B.C.D/M area <0-4294967295> @@ -2134,12 +2239,14 @@ writing, `ospfd' does not support multiple OSPF processes. interface has an address from range 192.168.1.0/24 then the command below enables ospf on this interface so router can provide network information to the other ospf routers via this interface. + router ospf network 192.168.1.0/24 area 0.0.0.0 - Prefix length in interface must be equal or bigger (ie. - smaller network) than prefix length in network statement. For - example statement above doesn't enable ospf on interface with - address 192.168.1.1/23, but it does on interface with address + + Prefix length in interface must be equal or bigger (ie. smaller + network) than prefix length in network statement. For example + statement above doesn't enable ospf on interface with address + 192.168.1.1/23, but it does on interface with address 192.168.1.129/25. @@ -2158,12 +2265,14 @@ File: quagga.info, Node: OSPF area, Next: OSPF interface, Prev: OSPF router, (Type-2) (ie. LSAs with scope area) can be summarized. Type-5 AS-external-LSAs can't be summarized - their scope is AS. Summarizing Type-7 AS-external-LSAs isn't supported yet by Quagga. + router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 area 0.0.0.10 range 10.0.0.0/8 - With configuration above one Type-3 Summary-LSA with routing - info 10.0.0.0/8 is announced into backbone area if area 0.0.0.10 + + With configuration above one Type-3 Summary-LSA with routing info + 10.0.0.0/8 is announced into backbone area if area 0.0.0.10 contains at least one intra-area network (ie. described with router or network LSA) from this range. 
@@ -2177,15 +2286,16 @@ File: quagga.info, Node: OSPF area, Next: OSPF interface, Prev: OSPF router, -- OSPF Command: no area A.B.C.D range IPV4_PREFIX substitute IPV4_PREFIX Substitute summarized prefix with another prefix. + router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 area 0.0.0.10 range 10.0.0.0/8 substitute 11.0.0.0/8 - One Type-3 summary-LSA with routing info 11.0.0.0/8 is - announced into backbone area if area 0.0.0.10 contains at least - one intra-area network (ie. described with router-LSA or - network-LSA) from range 10.0.0.0/8. This command makes sense in - ABR only. + + One Type-3 summary-LSA with routing info 11.0.0.0/8 is announced + into backbone area if area 0.0.0.10 contains at least one + intra-area network (ie. described with router-LSA or network-LSA) + from range 10.0.0.0/8. This command makes sense in ABR only. -- OSPF Command: area A.B.C.D virtual-link A.B.C.D -- OSPF Command: area <0-4294967295> virtual-link A.B.C.D 
@@ -2196,19 +2306,31 @@ IPV4_PREFIX -- OSPF Command: area <0-4294967295> shortcut -- OSPF Command: no area A.B.C.D shortcut -- OSPF Command: no area <0-4294967295> shortcut + Configure th area as Shortcut capable. See `RFC3509'. This requires + that the 'abr-type' be set to 'shortcut'. -- OSPF Command: area A.B.C.D stub -- OSPF Command: area <0-4294967295> stub -- OSPF Command: no area A.B.C.D stub -- OSPF Command: no area <0-4294967295> stub + Configure the area to be a stub area. That is, an area where no + router originates routes external to OSPF and hence an area where + all external routes are via the ABR(s). Hence, ABRs for such an + area do not need to pass AS-External LSAs (type-5s) or + ASBR-Summary LSAs (type-4) into the area. They need only pass + Network-Summary (type-3) LSAs into such an area, just a default + summary. -- OSPF Command: area A.B.C.D stub no-summary -- OSPF Command: area <0-4294967295> stub no-summary -- OSPF Command: no area A.B.C.D stub no-summary -- OSPF Command: no area <0-4294967295> stub no-summary + Prevents an `ospfd' ABR from injecting inter-area summaries into + the specified stub area. -- OSPF Command: area A.B.C.D default-cost <0-16777215> -- OSPF Command: no area A.B.C.D default-cost <0-16777215> + Set the cost of default-summary LSAs announced to stubby areas. -- OSPF Command: area A.B.C.D export-list NAME -- OSPF Command: area <0-4294967295> export-list NAME @@ -2216,6 +2338,7 @@ IPV4_PREFIX -- OSPF Command: no area <0-4294967295> export-list NAME Filter Type-3 summary-LSAs announced to other areas originated from intra- area paths from specified area. + router ospf network 192.168.1.0/24 area 0.0.0.0 network 10.0.0.0/8 area 0.0.0.10 
@@ -2223,11 +2346,15 @@ IPV4_PREFIX ! access-list foo permit 10.10.0.0/16 access-list foo deny any - With example above any intra-area paths from area 0.0.0.10 - and from range 10.10.0.0/16 (for example 10.10.1.0/24 and + + With example above any intra-area paths from area 0.0.0.10 and + from range 10.10.0.0/16 (for example 10.10.1.0/24 and 10.10.2.128/30) are announced into other areas as Type-3 summary-LSA's, but any others (for example 10.11.0.0/16 or - 10.128.30.16/30) aren't. This command makes sense in ABR only. + 10.128.30.16/30) aren't. + + This command is only relevant if the router is an ABR for the + specified area. -- OSPF Command: area A.B.C.D import-list NAME -- OSPF Command: area <0-4294967295> import-list NAME @@ -2251,9 +2378,13 @@ IPV4_PREFIX -- OSPF Command: area <0-4294967295> authentication -- OSPF Command: no area A.B.C.D authentication -- OSPF Command: no area <0-4294967295> authentication + Specify that simple password authentication should be used for the + given area. -- OSPF Command: area A.B.C.D authentication message-digest -- OSPF Command: area <0-4294967295> authentication message-digest + Specify that OSPF packets should be authenticated with MD5 HMACs + for the given area. File: quagga.info, Node: OSPF interface, Next: Redistribute routes to OSPF, Prev: OSPF area, Up: OSPFv2 @@ -2275,7 +2406,7 @@ File: quagga.info, Node: OSPF interface, Next: Redistribute routes to OSPF, P key up to 16 chars. Note that OSPF MD5 authentication requires that time never go - backwards (correct time is not important, only that it never goes + backwards (correct time is NOT important, only that it never goes backwards), even across resets, if ospfd is to be able to promptly reestabish adjacencies with its neighbours after restarts/reboots. The host should have system time be set at boot from an external 
@@ -2290,12 +2421,24 @@ File: quagga.info, Node: OSPF interface, Next: Redistribute routes to OSPF, P to router-LSA's metric field and used for SPF calculation. -- Interface Command: ip ospf dead-interval <1-65535> + -- Interface Command: ip ospf dead-interval minimal hello-multiplier +<2-20> -- Interface Command: no ip ospf dead-interval Set number of seconds for RouterDeadInterval timer value used for Wait Timer and Inactivity Timer. This value must be the same for all routers attached to a common network. The default value is 40 seconds. + If 'minimal' is specified instead, then the dead-interval is set + to 1 second and one must specify a hello-multiplier. The + hello-multiplier specifies how many Hellos to send per second, + from 2 (every 500ms) to 20 (every 50ms). Thus one can have 1s + convergence time for OSPF. If this form is specified, then the + hello-interval advertised in Hello packets is set to 0 and the + hello-interval on received Hello packets is not checked, thus the + hello-multiplier need NOT be the same across multiple routers on a + common link. + -- Interface Command: ip ospf hello-interval <1-65535> -- Interface Command: no ip ospf hello-interval Set number of seconds for HelloInterval timer value. Setting this @@ -2303,6 +2446,9 @@ File: quagga.info, Node: OSPF interface, Next: Redistribute routes to OSPF, P specified interface. This value must be the same for all routers attached to a common network. The default value is 10 seconds. + This command has no effect if *Note ip ospf dead-interval + minimal:: is also specified for the interface. + -- Interface Command: ip ospf network (broadcast|non-broadcast|point-to-multipoint|point-to-point) -- Interface Command: no ip ospf network 
@@ -2349,6 +2495,9 @@ metric-type (1|2) metric <0-16777214> -- OSPF Command: redistribute (kernel|connected|static|rip|bgp) metric-type (1|2) metric <0-16777214> route-map WORD -- OSPF Command: no redistribute (kernel|connected|static|rip|bgp) + Redistribute routes of the specified protocol or kind into OSPF, + with the metric type and metric set if specified, filtering the + routes using the given route-map if specified. -- OSPF Command: default-information originate -- OSPF Command: default-information originate metric <0-16777214> @@ -2364,6 +2513,11 @@ metric-type (1|2) route-map WORD -- OSPF Command: default-information originate always metric <0-16777214> metric-type (1|2) route-map WORD -- OSPF Command: no default-information originate + Originate an AS-External (type-5) LSA describing a default route + into all external-routing capable areas, of the specified metric + and metric type. If the 'always' keyword is given then the default + is always advertised, even when there is no default present in the + routing table. -- OSPF Command: distribute-list NAME out (kernel|connected|static|rip|ospf @@ -2390,8 +2544,12 @@ File: quagga.info, Node: Showing OSPF information, Next: Debugging OSPF, Prev ============================ -- Command: show ip ospf + Show information on a variety of general OSPF and area state and + configuration information. -- Command: show ip ospf interface [INTERFACE] + Show state and configuration of OSPF the specified interface, or + all interfaces if no interface is given. -- Command: show ip ospf neighbor -- Command: show ip ospf neighbor INTERFACE 
@@ -2419,12 +2577,12 @@ self-originate -- Command: show ip ospf database self-originate - -- Command: show ip ospf refresher - -- Command: show ip ospf route + Show the OSPF routing table, as determined by the most recent SPF + calculation. -File: quagga.info, Node: Debugging OSPF, Prev: Showing OSPF information, Up: OSPFv2 +File: quagga.info, Node: Debugging OSPF, Next: OSPF Configuration Examples, Prev: Showing OSPF information, Up: OSPFv2 7.7 Debugging OSPF ================== @@ -2457,6 +2615,55 @@ File: quagga.info, Node: Debugging OSPF, Prev: Showing OSPF information, Up: -- Command: show debugging ospf +File: quagga.info, Node: OSPF Configuration Examples, Prev: Debugging OSPF, Up: OSPFv2 + +7.8 OSPF Configuration Examples +=============================== + +A simple example, with MD5 authentication enabled: + + ! + interface bge0 + ip ospf authentication message-digest + ip ospf message-digest-key 1 md5 ABCDEFGHIJK + ! + router ospf + network 192.168.0.0/16 area 0.0.0.1 + area 0.0.0.1 authentication message-digest + + An ABR router, with MD5 authentication and performing summarisation +of networks between the areas: + + ! + password ABCDEF + log file /var/log/quagga/ospfd.log + service advanced-vty + ! + interface eth0 + ip ospf authentication message-digest + ip ospf message-digest-key 1 md5 ABCDEFGHIJK + ! + interface ppp0 + ! + interface br0 + ip ospf authentication message-digest + ip ospf message-digest-key 2 md5 XYZ12345 + ! + router ospf + ospf router-id 192.168.0.1 + redistribute connected + passive interface ppp0 + network 192.168.0.0/24 area 0.0.0.0 + network 10.0.0.0/16 area 0.0.0.0 + network 192.168.1.0/24 area 0.0.0.1 + area 0.0.0.0 authentication message-digest + area 0.0.0.0 range 10.0.0.0/16 + area 0.0.0.0 range 192.168.0.0/24 + area 0.0.0.1 authentication message-digest + area 0.0.0.1 range 10.2.0.0/16 + ! + + File: quagga.info, Node: OSPFv3, Next: BGP, Prev: OSPFv2, Up: Top 8 OSPFv3 
@@ -3932,8 +4139,9 @@ additional comments: not to remove them as they do not hurt anybody (they can always be left empty). - Figure 10.4: Announcement processing model implemented by the Route -Server + + +Figure 10.4: Announcement processing model implemented by the Route Server File: quagga.info, Node: Commands for configuring a Route Server, Next: Example of Route Server Configuration, Prev: Description of the Route Server model, Up: Configuring Quagga as a Route Server @@ -4875,9 +5083,9 @@ File: quagga.info, Node: SNMP Support, Next: Zebra Protocol, Prev: Kernel Int *************** SNMP (Simple Network Managing Protocol) is a widely implemented feature -for collecting network information from router and/or host. Quagga +for collecting network information from router and/or host. Quagga itself does not support SNMP agent (server daemon) functionality but is -able to connect to a SNMP agent using the SMUX protocol (RFC1227) and +able to connect to a SNMP agent using the SMUX protocol (`RFC1227') and make the routing protocol MIBs available through it. * Menu: @@ -4885,6 +5093,7 @@ make the routing protocol MIBs available through it. * Getting and installing an SNMP agent:: * SMUX configuration:: * MIB and command reference:: +* Handling SNMP Traps:: File: quagga.info, Node: Getting and installing an SNMP agent, Next: SMUX configuration, Up: SNMP Support @@ -4955,7 +5164,7 @@ patch snmpd and comment out the troublesome `snmp_log()' line in the function `netsnmp_agent_check_packet()' in `agent/snmp_agent.c'. -File: quagga.info, Node: MIB and command reference, Prev: SMUX configuration, Up: SNMP Support +File: quagga.info, Node: MIB and command reference, Next: Handling SNMP Traps, Prev: SMUX configuration, Up: SNMP Support 16.3 MIB and command reference ============================== 
@@ -4988,6 +5197,208 @@ configuring SNMP: -- Command: no smux peer OID PASSWORD +File: quagga.info, Node: Handling SNMP Traps, Prev: MIB and command reference, Up: SNMP Support + +16.4 Handling SNMP Traps +======================== + +To handle snmp traps make sure your snmp setup of quagga works +correctly as described in the quagga documentation in *Note SNMP +Support::. + + The BGP4 mib will send traps on peer up/down events. These should be +visible in your snmp logs with a message similar to: + + `snmpd[13733]: Got trap from peer on fd 14' + + To react on these traps they should be handled by a trapsink. +Configure your trapsink by adding the following lines to +`/etc/snmpd/snmpd.conf': + + # send traps to the snmptrapd on localhost + trapsink localhost + + This will send all traps to an snmptrapd running on localhost. You +can of course also use a dedicated management station to catch traps. +Configure the snmptrapd daemon by adding the following line to +`/etc/snmpd/snmptrapd.conf': + + traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh + + This will use the bash script `/etc/snmp/snmptrap_handle.sh' to +handle the BGP4 traps. To add traps for other protocol daemons, lookup +their appropriate OID from their mib. (For additional information about +which traps are supported by your mib, lookup the mib on +`http://www.oidview.com/mibs/detail.html'). + + Make sure snmptrapd is started. + + The snmptrap_handle.sh script I personally use for handling BGP4 +traps is below. You can of course do all sorts of things when handling +traps, like sound a siren, have your display flash, etc., be creative +;). 
+ + + #!/bin/bash + + # routers name + ROUTER=`hostname -s` + + #email address use to sent out notification + EMAILADDR="john@doe.com" + #email address used (allongside above) where warnings should be sent + EMAILADDR_WARN="sms-john@doe.com" + + # type of notification + TYPE="Notice" + + # local snmp community for getting AS belonging to peer + COMMUNITY="<community>" + + # if a peer address is in $WARN_PEERS a warning should be sent + WARN_PEERS="192.0.2.1" + + + # get stdin + INPUT=`cat -` + + # get some vars from stdin + uptime=`echo $INPUT | cut -d' ' -f5` + peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'` + peerstate=`echo $INPUT | cut -d' ' -f13` + errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\"//g'` + suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\"//g'` + remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4` + + WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'` + asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' | uniq` + asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' | uniq` + + # if peer address is in $WARN_PEER, the email should also + # be sent to $EMAILADDR_WARN + for ip in $WARN_PEERS; do + if [ "x$ip" == "x$peer" ]; then + EMAILADDR="$EMAILADDR,$EMAILADDR_WARN" + TYPE="WARNING" + break + fi + done + + + # convert peer state + case "$peerstate" in + 1) peerstate="Idle" ;; + 2) peerstate="Connect" ;; + 3) peerstate="Active" ;; + 4) peerstate="Opensent" ;; + 5) peerstate="Openconfirm" ;; + 6) peerstate="Established" ;; + *) peerstate="Unknown" ;; + esac + + # get textual messages for errors + case "$errorcode" in + 00) + error="No error" + suberror="" + ;; + 01) + error="Message Header Error" + case "$suberrorcode" in + 01) suberror="Connection Not Synchronized" ;; + 02) suberror="Bad Message Length" ;; + 03) suberror="Bad Message Type" ;; + *) 
suberror="Unknown" ;; + esac + ;; + 02) + error="OPEN Message Error" + case "$suberrorcode" in + 01) suberror="Unsupported Version Number" ;; + 02) suberror="Bad Peer AS" ;; + 03) suberror="Bad BGP Identifier" ;; + 04) suberror="Unsupported Optional Parameter" ;; + 05) suberror="Authentication Failure" ;; + 06) suberror="Unacceptable Hold Time" ;; + *) suberror="Unknown" ;; + esac + ;; + 03) + error="UPDATE Message Error" + case "$suberrorcode" in + 01) suberror="Malformed Attribute List" ;; + 02) suberror="Unrecognized Well-known Attribute" ;; + 03) suberror="Missing Well-known Attribute" ;; + 04) suberror="Attribute Flags Error" ;; + 05) suberror="Attribute Length Error" ;; + 06) suberror="Invalid ORIGIN Attribute" ;; + 07) suberror="AS Routing Loop" ;; + 08) suberror="Invalid NEXT_HOP Attribute" ;; + 09) suberror="Optional Attribute Error" ;; + 10) suberror="Invalid Network Field" ;; + 11) suberror="Malformed AS_PATH" ;; + *) suberror="Unknown" ;; + esac + ;; + 04) + error="Hold Timer Expired" + suberror="" + ;; + 05) + error="Finite State Machine Error" + suberror="" + ;; + 06) + error="Cease" + case "$suberrorcode" in + 01) suberror="Maximum Number of Prefixes Reached" ;; + 02) suberror="Administratively Shutdown" ;; + 03) suberror="Peer Unconfigured" ;; + 04) suberror="Administratively Reset" ;; + 05) suberror="Connection Rejected" ;; + 06) suberror="Other Configuration Change" ;; + 07) suberror="Connection collision resolution" ;; + 08) suberror="Out of Resource" ;; + 09) suberror="MAX" ;; + *) suberror="Unknown" ;; + esac + ;; + *) + error="Unknown" + suberror="" + ;; + esac + + # create textual message from errorcodes + if [ "x$suberror" == "x" ]; then + NOTIFY="$errorcode ($error)" + else + NOTIFY="$errorcode/$suberrorcode ($error/$suberror)" + fi + + + # form a decent subject + SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY" + # create the email body + MAIL=`cat << EOF + BGP notification on router $ROUTER. 
+ + Peer: $peer + AS: $remoteas + New state: $peerstate + Notification: $NOTIFY + + Info: + $asname + $asdescr + + Snmpd uptime: $uptime + EOF` + + # mail the notification + echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR + + File: quagga.info, Node: Zebra Protocol, Next: Packet Binary Dump Format, Prev: SNMP Support, Up: Top Appendix A Zebra Protocol 
@@ -5253,34 +5664,34 @@ Command Index * aggregate-address A.B.C.D/M as-set: Route Aggregation. (line 10) * aggregate-address A.B.C.D/M summary-only: Route Aggregation. (line 14) -* area <0-4294967295> authentication: OSPF area. (line 107) +* area <0-4294967295> authentication: OSPF area. (line 127) * area <0-4294967295> authentication message-digest: OSPF area. - (line 112) -* area <0-4294967295> export-list NAME: OSPF area. (line 70) -* area <0-4294967295> filter-list prefix NAME in: OSPF area. (line 97) -* area <0-4294967295> filter-list prefix NAME out: OSPF area. (line 98) -* area <0-4294967295> import-list NAME: OSPF area. (line 89) + (line 134) +* area <0-4294967295> export-list NAME: OSPF area. (line 85) +* area <0-4294967295> filter-list prefix NAME in: OSPF area. (line 117) +* area <0-4294967295> filter-list prefix NAME out: OSPF area. (line 118) +* area <0-4294967295> import-list NAME: OSPF area. (line 109) * area <0-4294967295> range A.B.C.D/M: OSPF area. (line 8) -* area <0-4294967295> shortcut: OSPF area. (line 52) -* area <0-4294967295> stub: OSPF area. (line 57) -* area <0-4294967295> stub no-summary: OSPF area. (line 62) -* area <0-4294967295> virtual-link A.B.C.D: OSPF area. (line 47) -* area A.B.C.D authentication: OSPF area. (line 106) -* area A.B.C.D authentication message-digest: OSPF area. (line 111) -* area A.B.C.D default-cost <0-16777215>: OSPF area. (line 66) -* area A.B.C.D export-list NAME: OSPF area. (line 69) -* area A.B.C.D filter-list prefix NAME in: OSPF area. (line 95) -* area A.B.C.D filter-list prefix NAME out: OSPF area. (line 96) -* area A.B.C.D import-list NAME: OSPF area. (line 88) +* area <0-4294967295> shortcut: OSPF area. (line 55) +* area <0-4294967295> stub: OSPF area. (line 62) +* area <0-4294967295> stub no-summary: OSPF area. (line 74) +* area <0-4294967295> virtual-link A.B.C.D: OSPF area. (line 50) +* area A.B.C.D authentication: OSPF area. (line 126) +* area A.B.C.D authentication message-digest: OSPF area. 
(line 133) +* area A.B.C.D default-cost <0-16777215>: OSPF area. (line 80) +* area A.B.C.D export-list NAME: OSPF area. (line 84) +* area A.B.C.D filter-list prefix NAME in: OSPF area. (line 115) +* area A.B.C.D filter-list prefix NAME out: OSPF area. (line 116) +* area A.B.C.D import-list NAME: OSPF area. (line 108) * area A.B.C.D range A.B.C.D/M: OSPF area. (line 7) -* area A.B.C.D range IPV4_PREFIX not-advertise: OSPF area. (line 26) +* area A.B.C.D range IPV4_PREFIX not-advertise: OSPF area. (line 28) * area A.B.C.D range IPV4_PREFIX substitute IPV4_PREFIX: OSPF area. - (line 32) -* area A.B.C.D shortcut: OSPF area. (line 51) -* area A.B.C.D stub: OSPF area. (line 56) -* area A.B.C.D stub no-summary: OSPF area. (line 61) -* area A.B.C.D virtual-link A.B.C.D: OSPF area. (line 46) -* auto-cost refrence-bandwidth <1-4294967>: OSPF router. (line 53) + (line 34) +* area A.B.C.D shortcut: OSPF area. (line 54) +* area A.B.C.D stub: OSPF area. (line 61) +* area A.B.C.D stub no-summary: OSPF area. (line 73) +* area A.B.C.D virtual-link A.B.C.D: OSPF area. (line 49) +* auto-cost reference-bandwidth <1-4294967>: OSPF router. (line 143) * bandwidth <1-10000000>: Interface Commands. (line 31) * banner motd default: Basic Config Commands. (line 110) 
@@ -5326,30 +5737,30 @@ Command Index (line 15) * debug update: More Show IP BGP. (line 35) * default-information originate <1>: Redistribute routes to OSPF. - (line 24) + (line 27) * default-information originate: How to Announce RIP route. (line 51) * default-information originate always: Redistribute routes to OSPF. - (line 30) + (line 33) * default-information originate always metric <0-16777214>: Redistribute routes to OSPF. - (line 32) + (line 35) * default-information originate always metric <0-16777214> metric-type (1|2): Redistribute routes to OSPF. - (line 34) + (line 37) * default-information originate always metric <0-16777214> metric-type (1|2) route-map WORD: Redistribute routes to OSPF. - (line 36) + (line 39) * default-information originate metric <0-16777214>: Redistribute routes to OSPF. - (line 25) + (line 28) * default-information originate metric <0-16777214> metric-type (1|2): Redistribute routes to OSPF. - (line 27) + (line 30) * default-information originate metric <0-16777214> metric-type (1|2) route-map WORD: Redistribute routes to OSPF. - (line 29) + (line 32) * default-metric <0-16777214>: Redistribute routes to OSPF. - (line 44) + (line 52) * default-metric <1-16>: RIP Metric Manipulation. (line 11) * description DESCRIPTION ...: Interface Commands. (line 24) * distance <1-255> <1>: Redistribute routes to OSPF. - (line 47) + (line 55) * distance <1-255>: RIP distance. (line 9) * distance <1-255> A.B.C.D/M <1>: BGP distance. (line 12) * distance <1-255> A.B.C.D/M: RIP distance. (line 13) 
@@ -5357,13 +5768,13 @@ Command Index * distance <1-255> A.B.C.D/M WORD: BGP distance. (line 13) * distance bgp <1-255> <1-255> <1-255>: BGP distance. (line 7) * distance ospf (intra-area|inter-area|external) <1-255>: Redistribute routes to OSPF. - (line 51) + (line 59) * distribute-list ACCESS_LIST (in|out) IFNAME: ripngd Filtering Commands. (line 7) * distribute-list ACCESS_LIST DIRECT IFNAME: Filtering RIP Routes. (line 9) * distribute-list NAME out (kernel|connected|static|rip|ospf: Redistribute routes to OSPF. - (line 40) + (line 48) * distribute-list prefix PREFIX_LIST (in|out) IFNAME: Filtering RIP Routes. (line 32) * dump bgp all PATH: Dump BGP packets and table. @@ -5409,13 +5820,15 @@ Command Index * ip ospf authentication-key AUTH_KEY: OSPF interface. (line 7) * ip ospf cost <1-65535>: OSPF interface. (line 30) * ip ospf dead-interval <1-65535>: OSPF interface. (line 35) -* ip ospf hello-interval <1-65535>: OSPF interface. (line 42) +* ip ospf dead-interval minimal hello-multiplier <2-20>: OSPF interface. + (line 37) +* ip ospf hello-interval <1-65535>: OSPF interface. (line 54) * ip ospf message-digest-key KEYID md5 KEY: OSPF interface. (line 13) * ip ospf network (broadcast|non-broadcast|point-to-multipoint|point-to-point): OSPF interface. - (line 50) -* ip ospf priority <0-255>: OSPF interface. (line 54) -* ip ospf retransmit-interval <1-65535>: OSPF interface. (line 61) -* ip ospf transmit-delay: OSPF interface. (line 67) + (line 65) +* ip ospf priority <0-255>: OSPF interface. (line 69) +* ip ospf retransmit-interval <1-65535>: OSPF interface. (line 76) +* ip ospf transmit-delay: OSPF interface. (line 82) * ip prefix-list NAME (permit|deny) PREFIX [le LEN] [ge LEN]: IP Prefix List. (line 16) * ip prefix-list NAME description DESC: ip prefix-list description. 
@@ -5528,6 +5941,9 @@ Command Index (line 16) * match peer {A.B.C.D|X:X::X:X}: Commands for configuring a Route Server. (line 34) +* max-metric router-lsa [on-startup|on-shutdown] <5-86400>: OSPF router. + (line 110) +* max-metric router-lsa administrative: OSPF router. (line 111) * multicast: Interface Commands. (line 27) * neigbor {A.B.C.D|X.X::X.X|peer-group} route-map WORD {import|export}: Commands for configuring a Route Server. (line 29) @@ -5566,8 +5982,8 @@ Command Index * neighbor X:X::X:X route-server-client: Commands for configuring a Route Server. (line 12) * network A.B.C.D/M: BGP route. (line 7) -* network A.B.C.D/M area <0-4294967295>: OSPF router. (line 57) -* network A.B.C.D/M area A.B.C.D: OSPF router. (line 56) +* network A.B.C.D/M area <0-4294967295>: OSPF router. (line 155) +* network A.B.C.D/M area A.B.C.D: OSPF router. (line 154) * network IFNAME <1>: ripngd Configuration. (line 18) * network IFNAME: RIP Configuration. (line 38) 
@@ -5575,33 +5991,33 @@ Command Index (line 15) * network NETWORK: RIP Configuration. (line 26) * no aggregate-address A.B.C.D/M: Route Aggregation. (line 18) -* no area <0-4294967295> authentication: OSPF area. (line 109) -* no area <0-4294967295> export-list NAME: OSPF area. (line 72) +* no area <0-4294967295> authentication: OSPF area. (line 129) +* no area <0-4294967295> export-list NAME: OSPF area. (line 87) * no area <0-4294967295> filter-list prefix NAME in: OSPF area. - (line 101) + (line 121) * no area <0-4294967295> filter-list prefix NAME out: OSPF area. - (line 102) -* no area <0-4294967295> import-list NAME: OSPF area. (line 91) + (line 122) +* no area <0-4294967295> import-list NAME: OSPF area. (line 111) * no area <0-4294967295> range A.B.C.D/M: OSPF area. (line 10) -* no area <0-4294967295> shortcut: OSPF area. (line 54) -* no area <0-4294967295> stub: OSPF area. (line 59) -* no area <0-4294967295> stub no-summary: OSPF area. (line 64) -* no area <0-4294967295> virtual-link A.B.C.D: OSPF area. (line 49) -* no area A.B.C.D authentication: OSPF area. (line 108) -* no area A.B.C.D default-cost <0-16777215>: OSPF area. (line 67) -* no area A.B.C.D export-list NAME: OSPF area. (line 71) -* no area A.B.C.D filter-list prefix NAME in: OSPF area. (line 99) -* no area A.B.C.D filter-list prefix NAME out: OSPF area. (line 100) -* no area A.B.C.D import-list NAME: OSPF area. (line 90) +* no area <0-4294967295> shortcut: OSPF area. (line 57) +* no area <0-4294967295> stub: OSPF area. (line 64) +* no area <0-4294967295> stub no-summary: OSPF area. (line 76) +* no area <0-4294967295> virtual-link A.B.C.D: OSPF area. (line 52) +* no area A.B.C.D authentication: OSPF area. (line 128) +* no area A.B.C.D default-cost <0-16777215>: OSPF area. (line 81) +* no area A.B.C.D export-list NAME: OSPF area. (line 86) +* no area A.B.C.D filter-list prefix NAME in: OSPF area. (line 119) +* no area A.B.C.D filter-list prefix NAME out: OSPF area. 
(line 120) +* no area A.B.C.D import-list NAME: OSPF area. (line 110) * no area A.B.C.D range A.B.C.D/M: OSPF area. (line 9) -* no area A.B.C.D range IPV4_PREFIX not-advertise: OSPF area. (line 27) +* no area A.B.C.D range IPV4_PREFIX not-advertise: OSPF area. (line 29) * no area A.B.C.D range IPV4_PREFIX substitute IPV4_PREFIX: OSPF area. - (line 34) -* no area A.B.C.D shortcut: OSPF area. (line 53) -* no area A.B.C.D stub: OSPF area. (line 58) -* no area A.B.C.D stub no-summary: OSPF area. (line 63) -* no area A.B.C.D virtual-link A.B.C.D: OSPF area. (line 48) -* no auto-cost refrence-bandwidth: OSPF router. (line 54) + (line 36) +* no area A.B.C.D shortcut: OSPF area. (line 56) +* no area A.B.C.D stub: OSPF area. (line 63) +* no area A.B.C.D stub no-summary: OSPF area. (line 75) +* no area A.B.C.D virtual-link A.B.C.D: OSPF area. (line 51) +* no auto-cost reference-bandwidth: OSPF router. (line 144) * no bandwidth <1-10000000>: Interface Commands. (line 32) * no banner motd: Basic Config Commands. (line 113) @@ -5622,20 +6038,20 @@ Command Index (line 30) * no debug update: More Show IP BGP. (line 41) * no default-information originate: Redistribute routes to OSPF. - (line 37) + (line 40) * no default-metric: Redistribute routes to OSPF. - (line 45) + (line 53) * no default-metric <1-16>: RIP Metric Manipulation. (line 12) * no distance <1-255> <1>: Redistribute routes to OSPF. - (line 48) + (line 56) * no distance <1-255>: RIP distance. (line 10) * no distance <1-255> A.B.C.D/M: RIP distance. (line 14) * no distance <1-255> A.B.C.D/M ACCESS-LIST: RIP distance. (line 19) * no distance ospf: Redistribute routes to OSPF. - (line 52) + (line 60) * no distribute-list NAME out (kernel|connected|static|rip|ospf: Redistribute routes to OSPF. - (line 42) + (line 50) * no exec-timeout: Basic Config Commands. (line 124) * no ip address ADDRESS/PREFIX: Interface Commands. (line 15) 
@@ -5654,13 +6070,13 @@ Command Index (line 28) * no ip ospf authentication-key: OSPF interface. (line 8) * no ip ospf cost: OSPF interface. (line 31) -* no ip ospf dead-interval: OSPF interface. (line 36) -* no ip ospf hello-interval: OSPF interface. (line 43) +* no ip ospf dead-interval: OSPF interface. (line 38) +* no ip ospf hello-interval: OSPF interface. (line 55) * no ip ospf message-digest-key: OSPF interface. (line 14) -* no ip ospf network: OSPF interface. (line 51) -* no ip ospf priority: OSPF interface. (line 55) -* no ip ospf retransmit interval: OSPF interface. (line 62) -* no ip ospf transmit-delay: OSPF interface. (line 68) +* no ip ospf network: OSPF interface. (line 66) +* no ip ospf priority: OSPF interface. (line 70) +* no ip ospf retransmit interval: OSPF interface. (line 77) +* no ip ospf transmit-delay: OSPF interface. (line 83) * no ip prefix-list NAME: IP Prefix List. (line 67) * no ip prefix-list NAME description [DESC]: ip prefix-list description. (line 11) @@ -5710,6 +6126,8 @@ Command Index (line 61) * no log trap: Basic Config Commands. (line 18) +* no max-metric router-lsa [on-startup|on-shutdown|administrative]: OSPF router. + (line 113) * no multicast: Interface Commands. (line 28) * no neighbor A.B.C.D: RIP Configuration. (line 46) * no neighbor PEER default-originate: BGP Peer commands. (line 48) 
@@ -5729,14 +6147,14 @@ Command Index * no neighbor PEER update-source: BGP Peer commands. (line 45) * no neighbor PEER weight WEIGHT: BGP Peer commands. (line 60) * no network A.B.C.D/M: BGP route. (line 17) -* no network A.B.C.D/M area <0-4294967295>: OSPF router. (line 59) -* no network A.B.C.D/M area A.B.C.D: OSPF router. (line 58) +* no network A.B.C.D/M area <0-4294967295>: OSPF router. (line 157) +* no network A.B.C.D/M area A.B.C.D: OSPF router. (line 156) * no network IFNAME: RIP Configuration. (line 39) * no network NETWORK: RIP Configuration. (line 27) -* no ospf abr-type TYPE: OSPF router. (line 20) -* no ospf rfc1583compatibility: OSPF router. (line 35) +* no ospf abr-type TYPE: OSPF router. (line 27) +* no ospf rfc1583compatibility: OSPF router. (line 49) * no ospf router-id: OSPF router. (line 17) -* no passive interface INTERFACE: OSPF router. (line 44) +* no passive interface INTERFACE: OSPF router. (line 60) * no passive-interface IFNAME: RIP Configuration. (line 69) * no redistribute (kernel|connected|static|rip|bgp): Redistribute routes to OSPF. (line 22) 
@@ -5756,22 +6174,22 @@ Command Index * no router ospf: OSPF router. (line 11) * no router rip: RIP Configuration. (line 12) * no router zebra: Redistribute routes to OSPF. - (line 55) + (line 63) * no shutdown: Interface Commands. (line 10) * no smux peer OID: MIB and command reference. (line 29) * no smux peer OID PASSWORD: MIB and command reference. (line 32) * no timers basic: RIP Timers. (line 31) -* no timers spf: OSPF router. (line 47) +* no timers throttle spf: OSPF router. (line 72) * offset-list ACCESS-LIST (in|out): RIP Metric Manipulation. (line 20) * offset-list ACCESS-LIST (in|out) IFNAME: RIP Metric Manipulation. (line 21) -* ospf abr-type TYPE: OSPF router. (line 19) -* ospf rfc1583compatibility: OSPF router. (line 34) +* ospf abr-type TYPE: OSPF router. (line 26) +* ospf rfc1583compatibility: OSPF router. (line 48) * ospf router-id A.B.C.D: OSPF router. (line 16) -* passive interface INTERFACE: OSPF router. (line 43) +* passive interface INTERFACE: OSPF router. (line 59) * passive-interface (IFNAME|default): RIP Configuration. (line 68) * password PASSWORD: Basic Config Commands. (line 10) @@ -5832,9 +6250,6 @@ Command Index (line 16) * redistribute static route-map ROUTE-MAP: How to Announce RIP route. (line 17) -* refresh age-diff <0-10000>: OSPF router. (line 51) -* refresh group-limit <0-10000>: OSPF router. (line 49) -* refresh per-slice <0-10000>: OSPF router. (line 50) * route A.B.C.D/M: How to Announce RIP route. (line 53) * route NETWORK: ripngd Configuration. @@ -5852,7 +6267,7 @@ Command Index * router ripng: ripngd Configuration. (line 9) * router zebra <1>: Redistribute routes to OSPF. - (line 54) + (line 62) * router zebra: ripngd Configuration. (line 24) * router-id A.B.C.D: OSPF6 router. (line 9) 
@@ -5937,37 +6352,35 @@ Command Index * show ip ospf: Showing OSPF information. (line 7) * show ip ospf database: Showing OSPF information. - (line 16) + (line 20) * show ip ospf database (asbr-summary|external|network|router|summary): Showing OSPF information. - (line 19) + (line 23) * show ip ospf database (asbr-summary|external|network|router|summary) adv-router ADV-ROUTER: Showing OSPF information. - (line 26) + (line 30) * show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID: Showing OSPF information. - (line 21) + (line 25) * show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID adv-router ADV-ROUTER: Showing OSPF information. - (line 24) + (line 28) * show ip ospf database (asbr-summary|external|network|router|summary) LINK-STATE-ID self-originate: Showing OSPF information. - (line 29) + (line 33) * show ip ospf database (asbr-summary|external|network|router|summary) self-originate: Showing OSPF information. - (line 31) + (line 35) * show ip ospf database max-age: Showing OSPF information. - (line 33) + (line 37) * show ip ospf database self-originate: Showing OSPF information. - (line 35) + (line 39) * show ip ospf interface [INTERFACE]: Showing OSPF information. - (line 9) -* show ip ospf neighbor: Showing OSPF information. (line 11) +* show ip ospf neighbor: Showing OSPF information. + (line 15) * show ip ospf neighbor detail: Showing OSPF information. - (line 13) + (line 17) * show ip ospf neighbor INTERFACE: Showing OSPF information. - (line 12) + (line 16) * show ip ospf neighbor INTERFACE detail: Showing OSPF information. - (line 14) -* show ip ospf refresher: Showing OSPF information. - (line 37) + (line 18) * show ip ospf route: Showing OSPF information. - (line 39) + (line 41) * show ip prefix-list: Showing ip prefix-list. (line 7) * show ip prefix-list detail: Showing ip prefix-list. 
@@ -6028,7 +6441,8 @@ Command Index * terminal length <0-512>: Terminal Mode Commands. (line 17) * timers basic UPDATE TIMEOUT GARBAGE: RIP Timers. (line 7) -* timers spf <0-4294967295> <0-4294967295>: OSPF router. (line 46) +* timers throttle spf DELAY INITIAL-HOLDTIME MAX-HOLDTIME: OSPF router. + (line 71) * username USERNAME nopassword: VTY shell username. (line 7) * version VERSION: RIP Configuration. (line 23) * who: Terminal Mode Commands. 
@@ -6097,151 +6511,155 @@ Node: About Quagga4730 Node: System Architecture6983 Node: Supported Platforms9673 Node: Supported RFC10814 -Node: How to get Quagga12778 -Node: Mailing List13532 -Node: Bug Reports13979 -Node: Installation14857 -Node: Configure the Software15291 -Node: The Configure script and its options15539 -Node: Least-Privilege support18727 -Node: Linux notes20463 -Ref: Linux notes-Footnote-122321 -Node: Build the Software22387 -Node: Install the Software22935 -Node: Basic commands24395 -Node: Config Commands25170 -Node: Basic Config Commands26063 -Node: Sample Config File31553 -Node: Terminal Mode Commands32323 -Node: Common Invocation Options33420 -Node: Virtual Terminal Interfaces34827 -Node: VTY Overview35338 -Node: VTY Modes36589 -Node: VTY View Mode37039 -Node: VTY Enable Mode37289 -Node: VTY Other Modes37567 -Node: VTY CLI Commands37743 -Node: CLI Movement Commands38203 -Node: CLI Editing Commands38726 -Node: CLI Advanced Commands39314 -Node: Zebra40080 -Node: Invoking zebra40589 -Node: Interface Commands41168 -Node: Static Route Commands42700 -Node: zebra Terminal Mode Commands45973 -Node: RIP46938 -Node: Starting and Stopping ripd47875 -Node: RIP netmask49288 -Node: RIP Configuration50387 -Node: How to Announce RIP route54652 -Node: Filtering RIP Routes57215 -Node: RIP Metric Manipulation58682 -Node: RIP distance59595 -Node: RIP route-map60410 -Node: RIP Authentication62926 -Node: RIP Timers64033 -Node: Show RIP Information65319 -Node: RIP Debug Commands66692 -Node: RIPng67688 -Node: Invoking ripngd68008 -Node: ripngd Configuration68257 -Node: ripngd Terminal Mode Commands69008 -Node: ripngd Filtering Commands69372 -Node: OSPFv269881 -Node: Configuring ospfd70440 -Node: OSPF router70908 -Node: OSPF area74064 -Node: OSPF interface79246 -Node: Redistribute routes to OSPF82629 -Node: Showing OSPF information84792 -Node: Debugging OSPF86038 -Node: OSPFv387077 -Node: OSPF6 router87397 -Node: OSPF6 area87751 -Node: OSPF6 interface87929 -Node: 
Redistribute routes to OSPF688806 -Node: Showing OSPF6 information89122 -Node: BGP89942 -Node: Starting BGP90832 -Node: BGP router91409 -Node: BGP distance92653 -Node: BGP decision process93091 -Node: BGP network93573 -Node: BGP route93763 -Node: Route Aggregation94319 -Node: Redistribute to BGP94888 -Node: BGP Peer95415 -Node: Defining Peer95602 -Node: BGP Peer commands96215 -Node: Peer filtering98619 -Node: BGP Peer Group99127 -Node: BGP Address Family99440 -Node: Autonomous System99594 -Node: AS Path Regular Expression100431 -Node: Display BGP Routes by AS Path101678 -Node: AS Path Access List102118 -Node: Using AS Path in Route Map102585 -Node: Private AS Numbers102866 -Node: BGP Communities Attribute103024 -Node: BGP Community Lists105491 -Node: Numbered BGP Community Lists108145 -Node: BGP Community in Route Map109732 -Node: Display BGP Routes by Community111675 -Node: Using BGP Communities Attribute112844 -Node: BGP Extended Communities Attribute116412 -Node: BGP Extended Community Lists118184 -Node: BGP Extended Communities in Route Map120059 -Node: Displaying BGP routes120518 -Node: Show IP BGP120755 -Node: More Show IP BGP121455 -Node: Capability Negotiation122606 -Node: Route Reflector125910 -Node: Route Server126189 -Node: Multiple instance127255 -Node: BGP instance and view129066 -Node: Routing policy130446 -Node: Viewing the view131214 -Node: How to set up a 6-Bone connection131499 -Node: Dump BGP packets and table132871 -Node: Configuring Quagga as a Route Server133418 -Node: Description of the Route Server model134379 -Ref: fig:normal-processing135956 -Ref: fig:full-mesh136025 -Ref: fig:route-server136050 -Ref: filter-delegation136392 -Ref: Route Server tasks137576 -Ref: Route-server path filter process137947 -Ref: fig:rs-processing140261 -Node: Commands for configuring a Route Server140338 -Node: Example of Route Server Configuration143365 -Node: Configuration of the BGP routers without Route Server144286 -Node: Configuration of the BGP routers 
with Route Server147169 -Node: Configuration of the Route Server itself148470 -Node: Further considerations about Import and Export route-maps153469 -Node: VTY shell156513 -Node: VTY shell username157182 -Node: VTY shell integrated configuration157814 -Node: Filtering159262 -Node: IP Access List159615 -Node: IP Prefix List160001 -Node: ip prefix-list description163020 -Node: ip prefix-list sequential number control163547 -Node: Showing ip prefix-list164089 -Node: Clear counter of ip prefix-list165197 -Node: Route Map165636 -Node: Route Map Command166141 -Node: Route Map Match Command166338 -Node: Route Map Set Command166962 -Node: IPv6 Support167839 -Node: Router Advertisement168411 -Node: Kernel Interface174027 -Node: SNMP Support175984 -Node: Getting and installing an SNMP agent176556 -Node: SMUX configuration177129 -Node: MIB and command reference179265 -Node: Zebra Protocol180652 -Node: Packet Binary Dump Format182566 -Node: Command Index194176 -Node: VTY Key Index251883 +Node: How to get Quagga12896 +Node: Mailing List13650 +Node: Bug Reports14097 +Node: Installation14975 +Node: Configure the Software15409 +Node: The Configure script and its options15657 +Node: Least-Privilege support18845 +Node: Linux notes20581 +Ref: Linux notes-Footnote-122439 +Node: Build the Software22505 +Node: Install the Software23053 +Node: Basic commands24513 +Node: Config Commands25288 +Node: Basic Config Commands26181 +Node: Sample Config File31671 +Node: Terminal Mode Commands32441 +Node: Common Invocation Options33538 +Node: Virtual Terminal Interfaces34945 +Node: VTY Overview35456 +Node: VTY Modes36707 +Node: VTY View Mode37157 +Node: VTY Enable Mode37407 +Node: VTY Other Modes37685 +Node: VTY CLI Commands37861 +Node: CLI Movement Commands38321 +Node: CLI Editing Commands38844 +Node: CLI Advanced Commands39432 +Node: Zebra40198 +Node: Invoking zebra40707 +Node: Interface Commands41286 +Node: Static Route Commands42818 +Node: zebra Terminal Mode Commands46091 +Node: RIP47056 
+Node: Starting and Stopping ripd47993 +Node: RIP netmask49406 +Node: RIP Configuration50505 +Node: How to Announce RIP route54770 +Node: Filtering RIP Routes57333 +Node: RIP Metric Manipulation58800 +Node: RIP distance59713 +Node: RIP route-map60528 +Node: RIP Authentication63044 +Node: RIP Timers64151 +Node: Show RIP Information65437 +Node: RIP Debug Commands66810 +Node: RIPng67806 +Node: Invoking ripngd68126 +Node: ripngd Configuration68375 +Node: ripngd Terminal Mode Commands69126 +Node: ripngd Filtering Commands69490 +Node: OSPFv269999 +Node: Configuring ospfd70651 +Node: OSPF router71199 +Node: OSPF area79525 +Node: OSPF interface85650 +Ref: ip ospf dead-interval minimal87219 +Node: Redistribute routes to OSPF89791 +Node: Showing OSPF information92449 +Ref: show ip ospf92634 +Node: Debugging OSPF93965 +Node: OSPF Configuration Examples95040 +Node: OSPFv396410 +Node: OSPF6 router96730 +Node: OSPF6 area97084 +Node: OSPF6 interface97262 +Node: Redistribute routes to OSPF698139 +Node: Showing OSPF6 information98455 +Node: BGP99275 +Node: Starting BGP100165 +Node: BGP router100742 +Node: BGP distance101986 +Node: BGP decision process102424 +Node: BGP network102906 +Node: BGP route103096 +Node: Route Aggregation103652 +Node: Redistribute to BGP104221 +Node: BGP Peer104748 +Node: Defining Peer104935 +Node: BGP Peer commands105548 +Node: Peer filtering107952 +Node: BGP Peer Group108460 +Node: BGP Address Family108773 +Node: Autonomous System108927 +Node: AS Path Regular Expression109764 +Node: Display BGP Routes by AS Path111011 +Node: AS Path Access List111451 +Node: Using AS Path in Route Map111918 +Node: Private AS Numbers112199 +Node: BGP Communities Attribute112357 +Node: BGP Community Lists114824 +Node: Numbered BGP Community Lists117478 +Node: BGP Community in Route Map119065 +Node: Display BGP Routes by Community121008 +Node: Using BGP Communities Attribute122177 +Node: BGP Extended Communities Attribute125745 +Node: BGP Extended Community Lists127517 +Node: 
BGP Extended Communities in Route Map129392 +Node: Displaying BGP routes129851 +Node: Show IP BGP130088 +Node: More Show IP BGP130788 +Node: Capability Negotiation131939 +Node: Route Reflector135243 +Node: Route Server135522 +Node: Multiple instance136588 +Node: BGP instance and view138399 +Node: Routing policy139779 +Node: Viewing the view140547 +Node: How to set up a 6-Bone connection140832 +Node: Dump BGP packets and table142204 +Node: Configuring Quagga as a Route Server142751 +Node: Description of the Route Server model143712 +Ref: fig:normal-processing145289 +Ref: fig:full-mesh145358 +Ref: fig:route-server145383 +Ref: filter-delegation145725 +Ref: Route Server tasks146909 +Ref: Route-server path filter process147280 +Ref: fig:rs-processing149594 +Node: Commands for configuring a Route Server149747 +Node: Example of Route Server Configuration152774 +Node: Configuration of the BGP routers without Route Server153695 +Node: Configuration of the BGP routers with Route Server156578 +Node: Configuration of the Route Server itself157879 +Node: Further considerations about Import and Export route-maps162878 +Node: VTY shell165922 +Node: VTY shell username166591 +Node: VTY shell integrated configuration167223 +Node: Filtering168671 +Node: IP Access List169024 +Node: IP Prefix List169410 +Node: ip prefix-list description172429 +Node: ip prefix-list sequential number control172956 +Node: Showing ip prefix-list173498 +Node: Clear counter of ip prefix-list174606 +Node: Route Map175045 +Node: Route Map Command175550 +Node: Route Map Match Command175747 +Node: Route Map Set Command176371 +Node: IPv6 Support177248 +Node: Router Advertisement177820 +Node: Kernel Interface183436 +Node: SNMP Support185393 +Node: Getting and installing an SNMP agent185992 +Node: SMUX configuration186565 +Node: MIB and command reference188701 +Node: Handling SNMP Traps190116 +Node: Zebra Protocol196195 +Node: Packet Binary Dump Format198109 +Node: Command Index209719 +Node: VTY Key Index267658 End 
Tag Table diff --git a/doc/snmp.texi b/doc/snmp.texi index 96f080b2..3f80cc58 100644 --- a/doc/snmp.texi +++ b/doc/snmp.texi @@ -1,16 +1,18 @@ @node SNMP Support @chapter SNMP Support -SNMP (Simple Network Managing Protocol) is a widely implemented feature for -collecting network information from router and/or host. Quagga itself does not -support SNMP agent (server daemon) functionality but is able to connect to a -SNMP agent using the SMUX protocol (RFC1227) and make the routing protocol MIBs -available through it. +@acronym{SNMP,Simple Network Managing Protocol} is a widely implemented +feature for collecting network information from router and/or host. +Quagga itself does not support SNMP agent (server daemon) functionality +but is able to connect to a SNMP agent using the SMUX protocol +(@cite{RFC1227}) and make the routing protocol MIBs available through +it. @menu * Getting and installing an SNMP agent:: * SMUX configuration:: * MIB and command reference:: +* Handling SNMP Traps:: @end menu @node Getting and installing an SNMP agent 
@@ -29,15 +31,16 @@ be able to accept connections from Quagga. To enable SMUX protocol support, Quagga must have been build with the @code{--enable-snmp} option. -A separate connection has then to be established between between the SNMP agent -(snmpd) and each of the Quagga daemons. This connections each use different OID -numbers and passwords. Be aware that this OID number is not the one that is -used in queries by clients, it is solely used for the intercommunication of the -daemons. +A separate connection has then to be established between between the +SNMP agent (snmpd) and each of the Quagga daemons. This connections +each use different OID numbers and passwords. Be aware that this OID +number is not the one that is used in queries by clients, it is solely +used for the intercommunication of the daemons. -In the following example the ospfd daemon will be connected to the snmpd daemon -using the password "quagga_ospfd". For testing it is recommending to take -exactly the below snmpd.conf as wrong access restrictions can be hard to debug. +In the following example the ospfd daemon will be connected to the +snmpd daemon using the password "quagga_ospfd". For testing it is +recommending to take exactly the below snmpd.conf as wrong access +restrictions can be hard to debug. @example /etc/snmp/snmpd.conf: @@ -109,3 +112,5 @@ The following syntax is understood by the Quagga daemons for configuring SNMP: @deffn {Command} {smux peer @var{oid} @var{password}} {} @deffnx {Command} {no smux peer @var{oid} @var{password}} {} @end deffn + +@include snmptrap.texi diff --git a/doc/snmptrap.texi b/doc/snmptrap.texi new file mode 100644 index 00000000..a80b4d48 --- /dev/null +++ b/doc/snmptrap.texi 
@@ -0,0 +1,203 @@ +@node Handling SNMP Traps +@section Handling SNMP Traps + +To handle snmp traps make sure your snmp setup of quagga works +correctly as described in the quagga documentation in @xref{SNMP Support}. + +The BGP4 mib will send traps on peer up/down events. These should be +visible in your snmp logs with a message similar to: + +@samp{snmpd[13733]: Got trap from peer on fd 14} + +To react on these traps they should be handled by a trapsink. Configure +your trapsink by adding the following lines to @file{/etc/snmpd/snmpd.conf}: + +@example + # send traps to the snmptrapd on localhost + trapsink localhost +@end example + +This will send all traps to an snmptrapd running on localhost. You can +of course also use a dedicated management station to catch traps. +Configure the snmptrapd daemon by adding the following line to +@file{/etc/snmpd/snmptrapd.conf}: + +@example + traphandle .1.3.6.1.4.1.3317.1.2.2 /etc/snmp/snmptrap_handle.sh +@end example + +This will use the bash script @file{/etc/snmp/snmptrap_handle.sh} to handle +the BGP4 traps. To add traps for other protocol daemons, lookup their +appropriate OID from their mib. (For additional information about which +traps are supported by your mib, lookup the mib on +@uref{http://www.oidview.com/mibs/detail.html}). + +Make sure snmptrapd is started. + +The snmptrap_handle.sh script I personally use for handling BGP4 traps +is below. You can of course do all sorts of things when handling traps, +like sound a siren, have your display flash, etc., be creative ;). 
+ +@verbatim + #!/bin/bash + + # routers name + ROUTER=`hostname -s` + + #email address use to sent out notification + EMAILADDR="john@doe.com" + #email address used (allongside above) where warnings should be sent + EMAILADDR_WARN="sms-john@doe.com" + + # type of notification + TYPE="Notice" + + # local snmp community for getting AS belonging to peer + COMMUNITY="<community>" + + # if a peer address is in $WARN_PEERS a warning should be sent + WARN_PEERS="192.0.2.1" + + + # get stdin + INPUT=`cat -` + + # get some vars from stdin + uptime=`echo $INPUT | cut -d' ' -f5` + peer=`echo $INPUT | cut -d' ' -f8 | sed -e 's/SNMPv2-SMI::mib-2.15.3.1.14.//g'` + peerstate=`echo $INPUT | cut -d' ' -f13` + errorcode=`echo $INPUT | cut -d' ' -f9 | sed -e 's/\"//g'` + suberrorcode=`echo $INPUT | cut -d' ' -f10 | sed -e 's/\"//g'` + remoteas=`snmpget -v2c -c $COMMUNITY localhost SNMPv2-SMI::mib-2.15.3.1.9.$peer | cut -d' ' -f4` + + WHOISINFO=`whois -h whois.ripe.net " -r AS$remoteas" | egrep '(as-name|descr)'` + asname=`echo "$WHOISINFO" | grep "^as-name:" | sed -e 's/^as-name://g' -e 's/ //g' -e 's/^ //g' | uniq` + asdescr=`echo "$WHOISINFO" | grep "^descr:" | sed -e 's/^descr://g' -e 's/ //g' -e 's/^ //g' | uniq` + + # if peer address is in $WARN_PEER, the email should also + # be sent to $EMAILADDR_WARN + for ip in $WARN_PEERS; do + if [ "x$ip" == "x$peer" ]; then + EMAILADDR="$EMAILADDR,$EMAILADDR_WARN" + TYPE="WARNING" + break + fi + done + + + # convert peer state + case "$peerstate" in + 1) peerstate="Idle" ;; + 2) peerstate="Connect" ;; + 3) peerstate="Active" ;; + 4) peerstate="Opensent" ;; + 5) peerstate="Openconfirm" ;; + 6) peerstate="Established" ;; + *) peerstate="Unknown" ;; + esac + + # get textual messages for errors + case "$errorcode" in + 00) + error="No error" + suberror="" + ;; + 01) + error="Message Header Error" + case "$suberrorcode" in + 01) suberror="Connection Not Synchronized" ;; + 02) suberror="Bad Message Length" ;; + 03) suberror="Bad Message Type" 
;; + *) suberror="Unknown" ;; + esac + ;; + 02) + error="OPEN Message Error" + case "$suberrorcode" in + 01) suberror="Unsupported Version Number" ;; + 02) suberror="Bad Peer AS" ;; + 03) suberror="Bad BGP Identifier" ;; + 04) suberror="Unsupported Optional Parameter" ;; + 05) suberror="Authentication Failure" ;; + 06) suberror="Unacceptable Hold Time" ;; + *) suberror="Unknown" ;; + esac + ;; + 03) + error="UPDATE Message Error" + case "$suberrorcode" in + 01) suberror="Malformed Attribute List" ;; + 02) suberror="Unrecognized Well-known Attribute" ;; + 03) suberror="Missing Well-known Attribute" ;; + 04) suberror="Attribute Flags Error" ;; + 05) suberror="Attribute Length Error" ;; + 06) suberror="Invalid ORIGIN Attribute" ;; + 07) suberror="AS Routing Loop" ;; + 08) suberror="Invalid NEXT_HOP Attribute" ;; + 09) suberror="Optional Attribute Error" ;; + 10) suberror="Invalid Network Field" ;; + 11) suberror="Malformed AS_PATH" ;; + *) suberror="Unknown" ;; + esac + ;; + 04) + error="Hold Timer Expired" + suberror="" + ;; + 05) + error="Finite State Machine Error" + suberror="" + ;; + 06) + error="Cease" + case "$suberrorcode" in + 01) suberror="Maximum Number of Prefixes Reached" ;; + 02) suberror="Administratively Shutdown" ;; + 03) suberror="Peer Unconfigured" ;; + 04) suberror="Administratively Reset" ;; + 05) suberror="Connection Rejected" ;; + 06) suberror="Other Configuration Change" ;; + 07) suberror="Connection collision resolution" ;; + 08) suberror="Out of Resource" ;; + 09) suberror="MAX" ;; + *) suberror="Unknown" ;; + esac + ;; + *) + error="Unknown" + suberror="" + ;; + esac + + # create textual message from errorcodes + if [ "x$suberror" == "x" ]; then + NOTIFY="$errorcode ($error)" + else + NOTIFY="$errorcode/$suberrorcode ($error/$suberror)" + fi + + + # form a decent subject + SUBJECT="$TYPE: $ROUTER [bgp] $peer is $peerstate: $NOTIFY" + # create the email body + MAIL=`cat << EOF + BGP notification on router $ROUTER. 
+ + Peer: $peer + AS: $remoteas + New state: $peerstate + Notification: $NOTIFY + + Info: + $asname + $asdescr + + Snmpd uptime: $uptime + EOF` + + # mail the notification + echo "$MAIL" | mail -s "$SUBJECT" $EMAILADDR +@end verbatim + +@comment contributed by unknown contributer, please contact maintainers +@comment for credit / attribution. |
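Review bot: In the "get some vars from stdin" block of the example script, uptime, peer, peerstate, errorcode and suberrorcode are cut out of the trap text by field position and used without any validation. `$peer` is then expanded unquoted into the snmpget OID argument, and `$remoteas` is interpolated into the whois query string. Trap contents arrive from the network, so check that peer is a dotted-quad IPv4 address and that remoteas is all digits before calling snmpget or whois, and exit early otherwise. Also quote "$INPUT", "$peer", "$COMMUNITY" and "$EMAILADDR" wherever they are expanded. Two smaller points: the sed pattern 's/SNMPv2-SMI::mib-2.15.3.1.14.//g' leaves its dots unescaped, so they match any character, and passing the community with -c puts it on the command line where other local users can read it from the process list. The surrounding text should say to use a read-only community restricted to localhost here.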