OpenBSD manual page server

Manual Page Search Parameters

LDPD.CONF(5) File Formats Manual LDPD.CONF(5)

ldpd.confLDP routing daemon configuration file

The ldpd(8) daemon implements the Label Distribution Protocol as described in RFC 5036.

The ldpd.conf config file is divided into the following main sections:

User-defined variables may be defined and used later, simplifying the configuration file.
Global settings for ldpd(8).
Address-family specific parameters.
Interface-specific parameters.
Targeted neighbor specific parameters.
Neighbor-specific parameters.
Layer 2 VPNs parameters as per RFC 4447.

Argument names not beginning with a letter, digit, or underscore must be quoted.

Additional configuration files can be included with the include keyword, for example:

include "/etc/ldpd.sub.conf"

Much like cpp(1) or m4(1), macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, neighbor). Macros are not expanded inside quotes.

Several settings can be configured globally or within a more restricted scope, like per address-family or per interface. The only settings that can be set globally and not overruled are listed below.

(yes|no)
If set to yes, Cisco non-compliant format will be used to send and interpret the Dual-Stack capability TLV. The default is no.

(yes|no)
If set to no, do not update the Label Forwarding Information Base, a.k.a. the kernel routing table. The default is yes.

tableid
Specifies the routing table ldpd(8) should modify. Table 0 is the default table.

address
Set the router ID; in combination with labelspace it forms the LSR-ID. If not specified, the numerically lowest IP address of the router will be used.

secret [lsr-id[/prefix]]
 
secret [lsr-id[/prefix]]
 
[lsr-id[/prefix]]
Enable or disable TCP MD5 signatures per RFC 5036. The shared secret can either be given as a password or hexadecimal key. An optional prefix may be specified to scope the key configuration to a set of neighbors with the specified LSR-IDs.
tcp md5sig password mekmitasdigoat 192.168.0.0/24
no tcp md5sig 192.168.0.25

(ipv4|ipv6)
Specify the preferred address-family for TCP transport connections. If two dual-stack LSRs preferences does not match, no LDP session will be established. The default is ipv6.

Each address-family can have several parameters configured individually, otherwise they are inherited.

address-family ipv6 {
	explicit-null yes
	transport-address 2001:db8::50
	interface em0
}

(yes|no)
If set to yes, advertise explicit-null labels in place of implicit-null labels for directly connected prefixes. The default is no.

(yes|no)
If set to yes, ldpd(8) will use the GTSM procedures described in RFC 6720 (for the IPv4 address-family) and RFC 7552 (for the IPv6 address-family).

Since GTSM is mandatory for LDPv6, the only effect of disabling GTSM for the IPv6 address-family is that ldpd(8) will not discard packets with a hop limit below 255. This may be necessary to interoperate with older implementations. Outgoing packets will still be sent using a hop limit of 255 for maximum compatibility.

If GTSM is enabled, multi-hop neighbors should have either GTSM disabled individually or configured with an appropriate gtsm-hops distance. The default is yes.

seconds
Set the keepalive timeout in seconds. The default value is 180; valid range is 3-65535.

(yes|no)
If set to yes, allow LDP sessions to be established with remote neighbors that have not been specifically configured. The default is no.

address
Set the local address to be used in the TCP sessions. For the IPv4 address-family, the router-id will be used if this option is not specified. For the IPv6 address-family, this option must be specified.

Each interface can have several parameters configured individually, otherwise they are inherited.

address-family ipv4 {
	interface em0 {
		link-hello-holdtime 9
		link-hello-interval 3
	}
}

Interface-specific parameters are listed below.

Set the hello holdtime in seconds. The maximum time ldpd(8) will wait between two consecutive hello messages from a peer before it is marked as being down. The default value is 15; valid range is 3-65535.
Set the hello interval in seconds. The default value is 5; valid range is 1-65535.

Each targeted neighbor can have several parameters configured individually, otherwise they are inherited.

address-family ipv4 {
	targeted-neighbor A.B.C.D {
		targeted-hello-holdtime 90
		targeted-hello-interval 10
	}
}
address-family ipv6 {
	targeted-neighbor 2001:db8::1
}

Targeted-neighbor specific parameters are listed below.

seconds
Set the hello holdtime in seconds. The maximum time ldpd(8) will wait between two consecutive hello messages from a peer before it is marked as being down. The default value is 45.
seconds
Set the hello interval in seconds. The default value is 5; valid range is 1-65535.

The neighbor section allows for the configuration of neighbor-specific parameters. Note, however, that ldpd(8) uses the hello discovery mechanism to discover its neighbors. Without an underlying adjacency these commands have no effect. A neighbor is identified by its LSR-ID, not by its remote address. The neighbor-specific parameters apply for both LDPoIPv4 and LDPoIPv6 sessions.

neighbor A.B.C.D {
}

Neighbor-specific parameters are listed below.

seconds
Set the keepalive timeout in seconds. Inherited from the global configuration if not given. Valid range is 3-65535.
(yes|no)
Override the inherited configuration and enable/disable GTSM for this neighbor.
hops
Set the maximum number of hops the neighbor may be away. When GTSM is enabled for this neighbor, incoming packets are required to have a TTL/hop limit of 256 minus this value, ensuring they have not passed through more than the expected number of hops. The default value is 1; valid range is 1-255.
secret
Enable TCP MD5 signatures per RFC 5036 with the specified password.
secret
Enable TCP MD5 signatures per RFC 5036 with the specified hexadecimal key.
Disable the use of TCP MD5 signatures.

ldpd(8) implements the signaling of pseudowires which can be used to implement either the VPWS solution (also known as PWE3) or the VPLS solution. Currently only the VPLS solution is supported.

l2vpn name type vpls {
        bridge bridge0
        interface em1
        pseudowire mpw1 {
                pw-id 100
                neighbor-id 192.168.1.10
        }
        pseudowire mpw2 {
                pw-id 200
                neighbor-id 10.0.1.5
        }
}

Layer 2 VPN specific parameters are listed below.

interface
Set the bridge interface the VPLS is associated with. This parameter is optional and is only used to remove MAC addresses received from MAC address withdrawal messages. Only one bridge interface can be set.
interface
Configure a non pseudowire interface pertaining to the VPLS. This parameter is optional and is only used to send MAC address withdrawal messages when the specified interface is shutdown. Multiple interfaces can be configured.
number
Set the MTU advertised in the pseudowires. Local and remote MTUs must match for a pseudowire to be set up. The default value is 1500.
(ethernet|ethernet-tagged)
Specify the type of the configured pseudowires. The type must be the same at both endpoints. The default is ethernet.

Each mpw(4) pseudowire interface can have several parameters configured individually, otherwise they are inherited. A pseudowire interface is specified by its name.

pseudowire mpw5 {
	pw-id 5000
	neighbor-id 172.16.1.50
}

Pseudowire-specific parameters are listed below.

(yes|no)
Specify whether the use of the control word is preferred or not preferred. The default is yes.
address
Specify the IPv4 or IPv6 address of the remote endpoint of the pseudowire. A targeted neighbor will automatically be created for this address. By default, the LSR-ID of the remote endpoint of the pseudowire will be used.
address
Specify the LSR-ID of the remote endpoint of the pseudowire.
number
Set the PW ID used to identify the pseudowire. The PW ID must be the same at both endpoints. Valid range is 1-4294967295.
(yes|no)
Specify whether the use of the Status TLV is preferred or not preferred. The default is yes.

/etc/ldpd.conf
ldpd(8) configuration file.
/etc/examples/ldpd.conf
Example configuration file.

ldpctl(8), ldpd(8), rc.conf.local(8)

The ldpd.conf file format first appeared in OpenBSD 4.6.

March 2, 2023 OpenBSD-7.5