rtconfig(1)
NAME
rtconfig
SYNOPSIS
rtconfig [flags]
DESCRIPTION
rtconfig analyzes the routing policies registered in the Internet Routing
Registry (IRR) and produces router configuration files. It currently
supports cisco and junos router configuration file formats.
rtconfig reads lines from the standard input, and prints them to the
standard output, except for the lines that start with "@rtconfig", which
instruct rtconfig to perform a special operation (please see the "rtconfig
COMMANDS" section below). rtconfig establishes a whois connection to
query the IRR.
IRRToolSet COMMON OPTIONS
-help
Print summary of command-line options and abort.
-T [whois_query | whois_response | input | all]
Trace the argument. Useful for debugging.
-D <integer>
Print debugging messages of debug channel <integer> (if
compiled with ENABLE_DEBUG defined).
-version
Print the version number and quit.
-h <host-name>
Establish a whois connection to host <host-name>. The
default is whois.radb.net.
-p <port-no>
Establish a whois connection to port <port-no>. The
default is 43.
-protocol <protocol>
Use <protocol> to connect to the IRR server. <protocol>
can be irrd(rawhoisd) or ripe(bird). The default is
irrd.
-s <source-list>
Consider the sources specified in the comma separated
<source-list>. If an object is defined in multiple
sources in <source-list>, rtconfig uses the definition
first encountered in <source-list> from left to right.
-f <file-name>
IRR cache file. You can have any RPSL object in this
file, except route objects. They will override these
objects in IRR. This option is intended for private
objects, or to test new public objects before publishing.
You can specify more than one cache file by specifying
this option repeatedly.
-rusage
Print resource usage upon completion.
-prompt <new-prompt>
Change the prompt to <new-prompt> when invoked interactively.
By default the prompt is "rtconfig> ".
-ignore_errors
Do not print error and warning messages due to communication
to the database server or parsing policy objects.
-report_errors
Print error and warning messages due to communication to
the database server or parsing policy objects.
OTHER OPTIONS
-config <config-format>
Produce router configuration in <config-format> which is
either cisco (default) or junos.
-no_match_ip_inbound
In older Cisco IOS versions, in-bound route maps did not
support ip access-list matches. Use of this option
causes rtconfig to use distribute-lists to overcome this
limitation.
-asdot Print AS numbers as asdot, i.e. in "X.Y" format; the
default is to use RFC-5396 recommended "asplain" format.
-disable_access_list_cache
rtconfig caches the access-lists (and in the future ip
as-path access-lists and route-maps) that it generates so
that the same access-list number can be reused instead of
generating a new access list. If you do not want rtconfig
to consume much memory, the -disable_access_list_cache
option can be used to turn off this feature. However, if
you are short on memory on your cisco box, you should
leave this feature enabled.
-supress_martian
Deprecated. Properly maintained martian and bogon lists
are visible in both the RIPE and Merit whois servers
(e.g. "fltr-bogons", "fltr-unallocated" and "fltr-martian"
objects), and can be referenced using standard
RPSL.
-cisco_no_compress_acls
This option only affects cisco configurations. This
option is used to disable combining multiple cisco access
list lines into a single line using wildcards whenever
possible.
-cisco_use_prefix_lists
This option only affects cisco configurations. This
option instructs rtconfig to output prefix-lists, which
yield higher performance than access-lists. This flag
implies -cisco_compress_acls.
-cisco_eliminate_dup_map_parts
This option only affects cisco configurations. This
option instructs rtconfig to eliminate a later map part
if its filter is covered by earlier map parts.
-cisco_skip_route_maps
This option only affects cisco configurations. This
option instructs rtconfig not to print route maps, hence
it only prints access lists.
-cisco_force_tilda
This option only affects cisco configurations. It forces
* and + operators in AS path regular expressions to be
interpreted as ~* and ~+ operators. This is useful if
you get as path access lists with very long lines; it
will force them onto multiple lines.
-cisco_empty_lists
This option only affects Cisco configurations. It forces
interpreting ANY/NOT ANY prefix filters as the universal/empty
set of prefixes, and produces access lists for them. By
default only a warning is issued.
-cisco_no_default_afi
Causes rtconfig not to assume that ipv4.unicast is the
router's default address family. IPv4 peers will then
have ipv4.unicast explicitly activated and policy will be
set in ipv4.unicast address family. Useful when the
router is configured with "no bgp default ipv4-unicast".
ENVIRONMENT VARIABLES
IRR_HOST
Specifies the IRR host to connect to.
IRR_PORT
Specifies the IRR port number to connect to.
IRR_SOURCES
Specifies the source list (comma separated) to consider.
Command line options take precedence over environment variables.
rtconfig COMMANDS
rtconfig copies standard input to standard output except when it
encounters rtconfig commands on the standard input. All rtconfig
commands start with "@rtconfig" at the beginning of a line. Currently the
following commands are implemented:
@rtconfig import <ASN-1> <rtr-1> <ASN-2> <rtr-2>
<ASN-1> and <ASN-2> are AS numbers preceded with string
"AS". For example, AS number 1 is specified as "AS1".
<rtr-1> and <rtr-2> are ip addresses in prefix notation.
For example, the router with address 128.9.128.9 is
specified as "128.9.128.9". This command instructs rtconfig
to generate import filters where <rtr-1> in <ASN-1> is
importing routes from <rtr-2> in <ASN-2>. The appropriate
filters are generated by considering the import/mp-import
lines for <ASN-2>-<rtr-1>-<rtr-2> in the aut-num
object for <ASN-1>.
@rtconfig export <ASN-1> <rtr-1> <ASN-2> <rtr-2>
The arguments of the export command are the same as the
import command. This command instructs rtconfig to
generate export filters where <rtr-1> in <ASN-1> is
exporting routes to <rtr-2> in <ASN-2>. The appropriate
filters are generated by considering the export/mp-export
lines for <ASN-2>-<rtr-1>-<rtr-2> in the aut-num object
for <ASN-1>.
@rtconfig configureRouter <inet-rtr-name>
<inet-rtr-name> is the DNS name of an inet-rtr object.
This command will use the named inet-rtr object, and
configure import/mp-import and export/mp-export policies for
each of the BGP4 peers of the router (using the peer
attribute).
@rtconfig importGroup <ASN-1> <peering-set-name>
@rtconfig exportGroup <ASN-1> <peering-set-name>
<peering-set-name> is a name of a peering set object.
This command instructs rtconfig to generate import/mp-import
(export/mp-export) filters where <ASN-1> is
importing (exporting) routes from (to) the peers listed
in <peering-set-name>. The aut-num object for <ASN-1>
should have an import/mp-import (export/mp-export)
attribute using the peering set's name.
@rtconfig static2bgp <ASN-1> <rtr-1>
This command instructs rtconfig to generate inject filters
where <rtr-1> in <ASN-1> is injecting static routes
into BGP4. The appropriate filters are generated by
considering the import/mp-import policies of <ASN-1> where
"protocol STATIC" or "protocol STATIC into BGP4" is used.
@rtconfig set sources = <source-list>
<source-list> is a string containing a comma separated list
of sources to consider. This command instructs rtconfig
to change the list of sources considered.
@rtconfig access_list filter <filter>
<filter> is an RPSL filter over AS numbers, AS set names
and route set names using operators AND, OR and NOT.
This command instructs rtconfig to generate an access list
for <filter>. <mp-filter> is also accepted.
@rtconfig aspath_access_list filter <filter>
<filter> is an RPSL filter over AS path regular expressions
using operators AND, OR and NOT. This command
instructs rtconfig to generate an as path access list for
<filter>.
@rtconfig printPrefixes <format> filter <filter>
<format> is a quoted string, and <filter> is an RPSL filter
over AS numbers, AS set names and route set names
using operators AND, OR and NOT; <mp-filter> is also
accepted. This command instructs rtconfig to print the
prefixes in <filter> using <format>. The <format> can
contain the following escape sequences:
%p prefix
%l length
%L 32-length
%n n (%p/%l^%n-%m, e.g. 128.9.0.0/16^24-32)
%m m
%k mask
%K inverse of mask (i.e. ~mask)
%% %
\n carriage return
\t tab
Example, use:
@rtconfig printPrefixes "net %p \tmask %k\n" filter AS1
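To preview what a <format> string will emit before feeding generated lines to a device, the escape table above can be modelled as follows. This is an added example, not rtconfig's own code; the function name expand, the IPv4-only handling, and the choice that a plain prefix has n = m = its length are assumptions.

```python
import ipaddress


def expand(fmt, prefix):
    """Expand printPrefixes escapes for one IPv4 prefix such as 128.9.0.0/16^24-32."""
    net_text, _, range_text = prefix.partition("^")
    net = ipaddress.IPv4Network(net_text, strict=True)  # rejects set host bits
    length = net.prefixlen
    if range_text:
        n_text, _, m_text = range_text.partition("-")
        n, m = int(n_text), int(m_text)  # only the ^n-m operator is handled
    else:
        n = m = length  # assumption: a plain prefix has n = m = its length
    if not length <= n <= m <= 32:
        raise ValueError("bad range in " + prefix)
    percent = {
        "p": str(net.network_address),
        "l": str(length),
        "L": str(32 - length),
        "n": str(n),
        "m": str(m),
        "k": str(net.netmask),
        "K": str(net.hostmask),  # inverse of mask
        "%": "%",
    }
    backslash = {"n": "\n", "t": "\t"}
    out = []
    i = 0
    while i < len(fmt):
        ch = fmt[i]
        nxt = fmt[i + 1] if i + 1 < len(fmt) else ""
        if ch == "%" and nxt:
            if nxt not in percent:
                # modelled on the "Unknown operator:" entry in the error list
                raise ValueError("Unknown operator: %" + nxt)
            out.append(percent[nxt])
            i += 2
        elif ch == "\\" and nxt in backslash:
            out.append(backslash[nxt])
            i += 2
        else:
            out.append(ch)  # assumption: anything else is copied literally
            i += 1
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample prefixes run through the page's example format.
    for p in ("128.9.0.0/16", "198.32.4.0/24"):
        print(expand(r"net %p \tmask %k\n", p), end="")
```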
@rtconfig printPrefixRanges <format> filter <filter>
This command is the same as the "printPrefixes" command,
except that consecutive address prefixes are compressed
into a single address prefix range. <mp-filter> is also
accepted.
@rtconfig printSuperPrefixRanges <format> filter <filter>
This command is the same as the "printPrefixRanges" command,
except that it compresses more aggressively. The %n and %m
information is lost. However, %D, a set of don't-care bits
representing different %n-%m ranges, is provided.
<mp-filter> is also accepted.
Cisco specific commands:
@rtconfig set cisco_map_name = <map-name>
<map-name> is a quoted string. This command instructs
rtconfig to use <map-name> as the name for the route maps
generated. If the <map-name> contains %d, it will be
replaced by the peer's AS number. If it contains a second
%d, it will be replaced by an integer that is incremented
each time a new map is generated (to ensure unique
map names). The default cisco_map_name is "MyMap_%d_%d".
@rtconfig set cisco_map_first_no = <no>
<no> is an integer. This command instructs rtconfig to
use <no> as the first number of a newly generated route
map. If missing, 1 is used.
@rtconfig set cisco_map_increment_by = <no>
<no> is an integer. This command instructs rtconfig to
increment route map numbers by <no>. If missing, successive
route maps are numbered by increments of 1.
@rtconfig set cisco_prefix_acl_no = <no>
<no> is an integer. This command instructs rtconfig to
start numbering prefix access lists at <no>.
@rtconfig set cisco_aspath_acl_no = <no>
<no> is an integer. This command instructs rtconfig to
start numbering aspath access lists at <no>.
@rtconfig set cisco_pktfilter_acl_no = <no>
<no> is an integer. This command instructs rtconfig to
start numbering inbound/outbound packet filter access
lists at <no>.
@rtconfig set cisco_community_acl_no = <no>
<no> is an integer. This command instructs rtconfig to
start numbering community access lists at <no>.
@rtconfig set cisco_access_list_no = <no>
<no> is an integer. This command instructs rtconfig to
start numbering all access lists at <no>.
@rtconfig set cisco_max_preference = <no>
<no> is an integer defaulting to 1000. This command
instructs rtconfig to start using preferences from <no>
(most preferred) and counting down from there.
@rtconfig networks <ASN-1>
<ASN-1> is an AS number preceded with string "AS". For
each route registered with origin <ASN-1>, a network
statement of the form "network <prefix> mask <mask>" is
generated.
@rtconfig v6networks <ASN-1>
<ASN-1> is an AS number preceded with string "AS". For
each route6 registered with origin <ASN-1>, a network
statement of the form "network <prefix> mask <mask>" is
generated.
@rtconfig default <ASN-1> <ASN-2>
<ASN-1> and <ASN-2> are AS numbers preceded with string
"AS". This command instructs rtconfig to generate "ip
default-network" statements where <ASN-1> is defaulting
to <ASN-2>. The appropriate statements are generated for
the network addresses listed in the default attribute for
<ASN-2> in the aut-num object of <ASN-1>.
@rtconfig inbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>
The arguments of the inbound_pkt_filter command are the
same as the import command. This command instructs
rtconfig to generate packet filters where <rtr-1> in
<ASN-1> is going to drop data packets that are received
from <rtr-2> in <ASN-2>, but do not have source addresses
inside the address prefixes imported from this peer. The
appropriate filters are generated by considering the
import lines for <ASN-2>-<rtr-1>-<rtr-2> in the aut-num
object for <ASN-1>. The filter is applied to the interface
<if-name> in the inbound direction. The <if-name>
is a string and must be enclosed in double quotes.
@rtconfig pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>
An alias for inbound_pkt_filter. Now deprecated.
@rtconfig outbound_pkt_filter <if-name> <ASN-1> <rtr-1> <ASN-2> <rtr-2>
Same as the pkt_filter command, except the appropriate
filters are generated by considering the export lines for
<ASN-2>-<rtr-1>-<rtr-2> in the aut-num object for
<ASN-1>. The filter is applied to the interface
<if-name> in the outbound direction.
Junos specific commands:
@rtconfig set junos_policy_name = <policy-name>
<policy-name> is a quoted string. This command instructs
rtconfig to use <policy-name> as the name for the policy
statements generated. If the <policy-name> contains %d,
it will be replaced by the peer's AS number. If it
contains a second %d, it will be replaced by an integer that
is incremented each time a new map is generated (to
ensure unique map names). The default junos_map_name is
"policy_%d_%d".
@rtconfig networks <ASN-1>
<ASN-1> is an AS number preceded with string "AS". For
each route registered with origin <ASN-1>, a network
statement of the form "network <prefix> mask <mask>" is
generated. This needs to be Juniperized.
EXAMPLES
Here is an example input file:
!
version 10.3
!
interface Ethernet0/0
ip address 198.32.4.1 255.255.255.0
!
router bgp 4550
neighbor 198.32.4.25 remote-as 4551
!
@rtconfig set cisco_map_name = "mymap"
@rtconfig set cisco_access_list_no = 500
@rtconfig import AS4550 198.32.4.1 AS4551 198.32.4.25
!
end
Please see the tests directory in the distribution for more examples.
LIMITATIONS
Cisco Configuration Generation:
Policies in the IRR that have as-path regular expressions containing
[,] are only converted if (1) the set is not negated, and (2) it
does not contain ranges with more than 10 numbers in the range.
The following examples are not converted:
[^ AS1]
[AS1-AS11]
The first one is not converted because it is a negated set. The
second one is not converted because AS1-AS11 contains 11 numbers.
The following examples are converted:
[AS1 AS56 AS100]
[AS1-AS10]
[AS5 AS100-AS105 AS200 AS300-AS307]
Note that the last example contains 16 numbers which is more
than 10. This is converted since no single range (AS100-AS105 or
AS300-AS307) contains more than 10 numbers.
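A policy whose set is not converted yields no as-path access list for that term, so it is worth checking aut-num policies against the two rules above before generating a configuration. The following checker is an added example, not part of IRRToolSet; the function name unconvertible_sets and the handling of items other than plain "ASn" or "ASn-ASm" (reported for manual review) are assumptions.

```python
import re

MAX_RANGE = 10  # per the rule above: a range with more than 10 numbers blocks conversion

_SET = re.compile(r"\[([^\]]*)\]")
_ITEM = re.compile(r"^AS(\d+)(?:-AS(\d+))?$", re.IGNORECASE)


def unconvertible_sets(aspath_regex):
    """Return (set_text, reason) for every [...] set the rules above reject."""
    problems = []
    for match in _SET.finditer(aspath_regex):
        text = match.group(0)
        body = match.group(1).strip()
        if body.startswith("^"):
            problems.append((text, "negated set"))
            continue
        for item in body.split():
            parsed = _ITEM.match(item)
            if parsed is None:
                # assumption: AS-set names, asdot numbers etc. need manual review
                problems.append((text, "unrecognised item " + item))
                break
            low = int(parsed.group(1))
            high = int(parsed.group(2) or low)
            size = high - low + 1
            if size < 1:
                problems.append((text, "reversed range " + item))
                break
            if size > MAX_RANGE:
                problems.append((text, "range %s has %d numbers" % (item, size)))
                break
    return problems


if __name__ == "__main__":
    # The five sets listed above, wrapped in constructed as-path expressions.
    samples = [
        "<^[^ AS1]>",
        "<^[AS1-AS11]$>",
        "<^[AS1 AS56 AS100]>",
        "<[AS1-AS10]>",
        "<^AS4551 [AS5 AS100-AS105 AS200 AS300-AS307]*$>",
    ]
    for sample in samples:
        found = unconvertible_sets(sample)
        print(sample, "->", found if found else "converted")
```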
ERROR AND WARNING MESSAGES
Error in template file
Wrong rtconfig command, syntax or arguments to rtconfig command.
Error: config file format <config_format> is not supported...
Unknown config format specified. Supported formats are: cisco,
junos.
Error: no object for router: <router_name>
The inet-rtr object cannot be found in the specified IRR for the
specified source. This can be a typo, or a real error where the
object does not exist.
Error: no object for AS <as_number>
The aut-num object cannot be found in the specified IRR for the
specified source. This can be a typo, or a real error where the
object does not exist.
Unknown operator:
Syntax error in format specification, check the description of
the printPrefixes command.
Error: Badly formed prefix filter
Syntax error in prefix filter specification. See RFC [2622]
(Address prefix filters)
Error: Badly formed AS_path filter
Syntax error in AS_path filter specification. See RFC [2622]
(AS_path filters)
Warning: filter matches ANY/NOT ANY
Filter is empty or universal, i.e. matches none or all prefixes
respectively.
Warning: AS <as_no> has no import(export) policy for AS <peer_as>
<peer_IP> at <local_IP>
The matching import(export) policy cannot be found in the aut-num
object for <as_no>, for peering aut-num <peer_as> with
<peer_IP> at <local_IP> address. It can be a typo or your policy
is incomplete. Check your aut-num object.
Warning: AS <as_no> has no default policy for AS <peer_as>
The matching default policy cannot be found in the aut-num
object for <as_no>.
Warning: unimplemented method <rp_attr>.<method>
An unimplemented method for this rp_attribute is specified. This
error indicates that the method is correctly specified in the RPSL
dictionary, but has no actual implementation in rtconfig.
For more error descriptions, please see the irrtoolset-errors manual page.
AUTHORS AND CONTRIBUTORS
Cengiz Alaettinoglu <cengiz@isi.edu> Katie Petrusha <katie@ripe.net>