NAME
ldpd.conf — LDP routing daemon configuration file
DESCRIPTION
The ldpd(8) daemon implements the Label Distribution Protocol as described in RFC 5036.
The ldpd.conf config file is divided into the following main sections:
Macros
- User-defined variables may be defined and used later, simplifying the configuration file.
Global Configuration
- Global settings for ldpd(8).
Address-Family Configuration
- Address-family specific parameters.
Interfaces Configuration
- Interface-specific parameters.
Targeted Neighbors Configuration
- Targeted neighbor specific parameters.
Neighbors Configuration
- Neighbor-specific parameters.
Layer 2 VPNs Configuration
- Layer 2 VPNs parameters as per RFC 4447.
Argument names not beginning with a letter, digit, or underscore must be quoted.
Additional configuration files can be included with the include keyword, for example:
    include "/etc/ldpd.sub.conf"
MACROS
Much like cpp(1) or m4(1), macros can be defined that will later be expanded in context. Macro names must start with a letter, digit, or underscore, and may contain any of those characters. Macro names may not be reserved words (for example, neighbor). Macros are not expanded inside quotes.
GLOBAL CONFIGURATION
Several settings can be configured globally or within a more restricted scope, like per address-family or per interface. The only settings that can be set globally and not overruled are listed below.
ds-cisco-interop (yes|no)
- If set to yes, Cisco non-compliant format will be used to send and interpret the Dual-Stack capability TLV. The default is no.
fib-update (yes|no)
- If set to no, do not update the Label Forwarding Information Base, a.k.a. the kernel routing table. The default is yes.
rdomain tableid
- Specifies the routing table ldpd(8) should modify. Table 0 is the default table.
router-id address
- Set the router ID; in combination with labelspace it forms the LSR-ID. If not specified, the numerically lowest IP address of the router will be used.
tcp md5sig password secret [lsr-id[/prefix]]
tcp md5sig key secret [lsr-id[/prefix]]
no tcp md5sig [lsr-id[/prefix]]
- Enable or disable TCP MD5 signatures per RFC 5036. The shared secret can either be given as a password or hexadecimal key. An optional prefix may be specified to scope the key configuration to a set of neighbors with the specified LSR-IDs.
    tcp md5sig password mekmitasdigoat 192.168.0.0/24
    no tcp md5sig 192.168.0.25
transport-preference (ipv4|ipv6)
- Specify the preferred address-family for TCP transport connections. If the preferences of two dual-stack LSRs do not match, no LDP session will be established. The default is ipv6.
ADDRESS-FAMILY CONFIGURATION
Each address-family can have several parameters configured individually, otherwise they are inherited.
    address-family ipv6 {
        explicit-null yes
        transport-address 2001:db8::50
        interface em0
    }
explicit-null (yes|no)
- If set to yes, advertise explicit-null labels in place of implicit-null labels for directly connected prefixes. The default is no.
gtsm-enable (yes|no)
- If set to yes, ldpd(8) will use the GTSM procedures described in RFC 6720 (for the IPv4 address-family) and RFC 7552 (for the IPv6 address-family).
  Since GTSM is mandatory for LDPv6, the only effect of disabling GTSM for the IPv6 address-family is that ldpd(8) will not discard packets with a hop limit below 255. This may be necessary to interoperate with older implementations. Outgoing packets will still be sent using a hop limit of 255 for maximum compatibility.
  If GTSM is enabled, multi-hop neighbors should have either GTSM disabled individually or configured with an appropriate gtsm-hops distance. The default is yes.
keepalive seconds
- Set the keepalive timeout in seconds. The default value is 180; valid range is 3-65535.
targeted-hello-accept (yes|no)
- If set to yes, allow LDP sessions to be established with remote neighbors that have not been specifically configured. The default is no.
transport-address address
- Set the local address to be used in the TCP sessions. For the IPv4 address-family, the router-id will be used if this option is not specified. For the IPv6 address-family, this option must be specified.
INTERFACES
Each interface can have several parameters configured individually, otherwise they are inherited.
    address-family ipv4 {
        interface em0 {
            link-hello-holdtime 9
            link-hello-interval 3
        }
    }
Interface-specific parameters are listed below.
link-hello-holdtime seconds
- Set the hello holdtime in seconds. The maximum time ldpd(8) will wait between two consecutive hello messages from a peer before it is marked as being down. The default value is 15; valid range is 3-65535.
link-hello-interval seconds
- Set the hello interval in seconds. The default value is 5; valid range is 1-65535.
TARGETED NEIGHBORS
Each targeted neighbor can have several parameters configured individually, otherwise they are inherited.
    address-family ipv4 {
        targeted-neighbor A.B.C.D {
            targeted-hello-holdtime 90
            targeted-hello-interval 10
        }
    }
    address-family ipv6 {
        targeted-neighbor 2001:db8::1
    }
Targeted-neighbor specific parameters are listed below.
targeted-hello-holdtime seconds
- Set the hello holdtime in seconds. The maximum time ldpd(8) will wait between two consecutive hello messages from a peer before it is marked as being down. The default value is 45.
targeted-hello-interval seconds
- Set the hello interval in seconds. The default value is 5; valid range is 1-65535.
NEIGHBORS
The neighbor section allows for the configuration of neighbor-specific parameters. Note, however, that ldpd(8) uses the hello discovery mechanism to discover its neighbors. Without an underlying adjacency these commands have no effect. A neighbor is identified by its LSR-ID, not by its remote address. The neighbor-specific parameters apply for both LDPoIPv4 and LDPoIPv6 sessions.
    neighbor A.B.C.D {
    }
Neighbor-specific parameters are listed below.
keepalive seconds
- Set the keepalive timeout in seconds. Inherited from the global configuration if not given. Valid range is 3-65535.
gtsm-enable (yes|no)
- Override the inherited configuration and enable/disable GTSM for this neighbor.
gtsm-hops hops
- Set the maximum number of hops the neighbor may be away. When GTSM is enabled for this neighbor, incoming packets are required to have a TTL/hop limit of 256 minus this value, ensuring they have not passed through more than the expected number of hops. The default value is 1; valid range is 1-255.
tcp md5sig password secret
- Enable TCP MD5 signatures per RFC 5036 with the specified password.
tcp md5sig key secret
- Enable TCP MD5 signatures per RFC 5036 with the specified hexadecimal key.
no tcp md5sig
- Disable the use of TCP MD5 signatures.
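The following is an added example, not part of the original manual or of ldpd(8): a small auditor that walks an ldpd.conf and reports the settings described above that relax a protection (targeted-hello-accept yes, gtsm-enable no, no tcp md5sig, and gtsm-hops above the default), together with the scope in which each appears. It assumes one statement per line, does not expand macros or follow include, and the function name and sample configuration are constructed for illustration.

```python
# Added example: flag ldpd.conf settings that this page documents as relaxing
# a protection. Assumes one statement per line; macros/includes not resolved.
WEAKENING = {
    ("targeted-hello-accept", "yes"): "sessions allowed with unconfigured remote neighbors",
    ("gtsm-enable", "no"): "GTSM TTL/hop-limit check disabled",
}

def audit(text):
    """Return (line_no, scope, message) tuples for an ldpd.conf text."""
    findings, scope = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments (assumes no '#' in secrets)
        head, brace, _ = line.partition("{")
        words = head.replace("}", " ").split()
        where = " > ".join(scope) or "global"
        if words[:3] == ["no", "tcp", "md5sig"]:
            # Global form may carry an lsr-id[/prefix]; neighbor form has none.
            target = words[3] if len(words) > 3 else where
            findings.append((no, where, f"TCP MD5 signatures disabled for {target}"))
        elif tuple(words[:2]) in WEAKENING:
            findings.append((no, where, WEAKENING[tuple(words[:2])]))
        elif words[:1] == ["gtsm-hops"] and len(words) > 1 and words[1].isdigit():
            hops = int(words[1])
            if hops > 1:                      # the default of 1 keeps the floor at 255
                findings.append((no, where, f"GTSM floor lowered to TTL/hop limit {256 - hops}"))
        if brace:                             # entering a block: remember its header
            scope.append(" ".join(words))
        for _ in range(line.count("}")):      # leaving one block per closing brace
            if scope:
                scope.pop()
    return findings

# Constructed sample configuration, not a real deployment.
SAMPLE = """\
# constructed sample
router-id 192.168.0.1
tcp md5sig password examplesecret 192.168.0.0/24
no tcp md5sig 192.168.0.25
address-family ipv4 {
    targeted-hello-accept yes
    interface em0
}
neighbor 192.168.0.30 {
    gtsm-enable no
}
neighbor 192.168.0.40 {
    gtsm-hops 3
}
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

Each finding is a review prompt rather than an error: a multi-hop neighbor legitimately needs a larger gtsm-hops value, but the report shows exactly how far the accepted TTL/hop limit drops.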
LAYER 2 VPNS
ldpd(8) implements the signaling of pseudowires which can be used to implement either the VPWS solution (also known as PWE3) or the VPLS solution. Currently only the VPLS solution is supported.
    l2vpn name type vpls {
        bridge bridge0
        interface em1
        pseudowire mpw1 {
            pw-id 100
            neighbor-id 192.168.1.10
        }
        pseudowire mpw2 {
            pw-id 200
            neighbor-id 10.0.1.5
        }
    }
Layer 2 VPN specific parameters are listed below.
bridge interface
- Set the bridge interface the VPLS is associated with. This parameter is optional and is only used to remove MAC addresses received from MAC address withdrawal messages. Only one bridge interface can be set.
interface interface
- Configure a non-pseudowire interface pertaining to the VPLS. This parameter is optional and is only used to send MAC address withdrawal messages when the specified interface is shut down. Multiple interfaces can be configured.
mtu number
- Set the MTU advertised in the pseudowires. Local and remote MTUs must match for a pseudowire to be set up. The default value is 1500.
type (ethernet|ethernet-tagged)
- Specify the type of the configured pseudowires. The type must be the same at both endpoints. The default is ethernet.
PSEUDOWIRES
Each mpw(4) pseudowire interface can have several parameters configured individually, otherwise they are inherited. A pseudowire interface is specified by its name.
    pseudowire mpw5 {
        pw-id 5000
        neighbor-id 172.16.1.50
    }
Pseudowire-specific parameters are listed below.
control-word (yes|no)
- Specify whether the use of the control word is preferred or not preferred. The default is yes.
neighbor-addr address
- Specify the IPv4 or IPv6 address of the remote endpoint of the pseudowire. A targeted neighbor will automatically be created for this address. By default, the LSR-ID of the remote endpoint of the pseudowire will be used.
neighbor-id address
- Specify the LSR-ID of the remote endpoint of the pseudowire.
pw-id number
- Set the PW ID used to identify the pseudowire. The PW ID must be the same at both endpoints. Valid range is 1-4294967295.
status-tlv (yes|no)
- Specify whether the use of the Status TLV is preferred or not preferred. The default is yes.
FILES
/etc/ldpd.conf
- ldpd(8) configuration file.
/etc/examples/ldpd.conf
- Example configuration file.
SEE ALSO
HISTORY
The ldpd.conf file format first appeared in OpenBSD 4.6.