.\" $OpenBSD: ldpd.conf.5,v 1.42 2023/03/02 17:09:53 jmc Exp $
.\"
.\" Copyright (c) 2013, 2016 Renato Westphal <renato@openbsd.org>
.\" Copyright (c) 2009 Michele Marchetto <michele@openbsd.org>
.\" Copyright (c) 2005, 2006 Esben Norby <norby@openbsd.org>
.\" Copyright (c) 2004 Claudio Jeker <claudio@openbsd.org>
.\" Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
.\" Copyright (c) 2002 Daniel Hartmeier <dhartmei@openbsd.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.\" copyright notice and this permission notice appear in all copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd $Mdocdate: March 2 2023 $
.Dt LDPD.CONF 5
.Os
.Sh NAME
.Nm ldpd.conf
.Nd LDP routing daemon configuration file
.Sh DESCRIPTION
The
.Xr ldpd 8
daemon implements the Label Distribution Protocol as described in RFC 5036.
.Pp
The
.Nm
config file is divided into the following main sections:
.Bl -tag -width xxxx
.It Sy Macros
User-defined variables may be defined and used later, simplifying the
configuration file.
.It Sy Global Configuration
Global settings for
.Xr ldpd 8 .
.It Sy Address-Family Configuration
Address-family specific parameters.
.It Sy Interfaces Configuration
Interface-specific parameters.
.It Sy Targeted Neighbors Configuration
Targeted neighbor specific parameters.
.It Sy Neighbors Configuration
Neighbor-specific parameters.
.It Sy Layer 2 VPNs Configuration
Layer 2 VPNs parameters as per RFC 4447.
.El
.Pp
Argument names not beginning with a letter, digit, or underscore
must be quoted.
.Pp
Additional configuration files can be included with the
.Ic include
keyword, for example:
.Bd -literal -offset indent
include "/etc/ldpd.sub.conf"
.Ed
.Sh MACROS
Much like
.Xr cpp 1
or
.Xr m4 1 ,
macros can be defined that will later be expanded in context.
Macro names must start with a letter, digit, or underscore,
and may contain any of those characters.
Macro names may not be reserved words (for example,
.Ic neighbor ) .
Macros are not expanded inside quotes.
.Sh GLOBAL CONFIGURATION
Several settings can be configured globally or within a more restricted scope,
like per address-family or per interface.
The only settings that can be set globally and not overruled are listed below.
.Pp
.Bl -tag -width Ds -compact
.It Xo
.Ic ds-cisco-interop
.Pq Ic yes Ns | Ns Ic no
.Xc
If set to
.Ic yes ,
Cisco non-compliant format will be used to send and interpret the Dual-Stack
capability TLV.
The default is
.Ic no .
.Pp
.It Xo
.Ic fib-update
.Pq Ic yes Ns | Ns Ic no
.Xc
If set to
.Ic no ,
do not update the Label Forwarding Information Base, a.k.a. the kernel routing
table.
The default is
.Ic yes .
.Pp
.It Ic rdomain Ar tableid
Specifies the routing table
.Xr ldpd 8
should modify.
Table 0 is the default table.
.Pp
.It Ic router-id Ar address
Set the router ID; in combination with labelspace it forms the LSR-ID.
If not specified, the numerically lowest IP address of the router will be used.
.Pp
.It Xo
.Ic tcp md5sig password Ar secret
.Op Ar lsr-id Ns Op / Ns Ar prefix
.Xc
.It Xo
.Ic tcp md5sig key Ar secret
.Op Ar lsr-id Ns Op / Ns Ar prefix
.Xc
.It Xo
.Ic no tcp md5sig
.Op Ar lsr-id Ns Op / Ns Ar prefix
.Xc
Enable or disable TCP MD5 signatures per RFC 5036.
The shared secret can either be given as a password or hexadecimal key.
An optional prefix may be specified to scope the key configuration to a
set of neighbors with the specified LSR-IDs.
.Bd -literal -offset indent
tcp md5sig password mekmitasdigoat 192.168.0.0/24
no tcp md5sig 192.168.0.25
.Ed
.Pp
.It Xo
.Ic transport-preference
.Pq Ic ipv4 Ns | Ns Ic ipv6
.Xc
Specify the preferred address-family for TCP transport connections.
If the preferences of two dual-stack LSRs do not match, no LDP session will
be established.
The default is
.Ic ipv6 .
.El
.Sh ADDRESS-FAMILY CONFIGURATION
Each address-family can have several parameters configured
individually, otherwise they are inherited.
.Bd -literal -offset indent
address-family ipv6 {
	explicit-null yes
	transport-address 2001:db8::50
	interface em0
}
.Ed
.Pp
.Bl -tag -width Ds -compact
.It Xo
.Ic explicit-null
.Pq Ic yes Ns | Ns Ic no
.Xc
If set to
.Ic yes ,
advertise explicit-null labels in place of implicit-null labels for directly
connected prefixes.
The default is
.Ic no .
.Pp
.It Xo
.Ic gtsm-enable
.Pq Ic yes Ns | Ns Ic no
.Xc
If set to
.Ic yes ,
.Xr ldpd 8
will use the GTSM procedures described in RFC 6720 (for the IPv4 address-family)
and RFC 7552 (for the IPv6 address-family).
.Pp
Since GTSM is mandatory for LDPv6, the only effect of disabling GTSM for the
IPv6 address-family is that
.Xr ldpd 8
will not discard packets with a hop limit below 255.
This may be necessary to interoperate with older implementations.
Outgoing packets will still be sent using a hop limit of 255
for maximum compatibility.
.Pp
If GTSM is enabled, multi-hop neighbors should have either GTSM disabled
individually or configured with an appropriate gtsm-hops distance.
The default is
.Ic yes .
.Pp
.It Ic keepalive Ar seconds
Set the keepalive timeout in seconds.
The default value is 180; valid range is 3\-65535.
.Pp
.It Xo
.Ic targeted-hello-accept
.Pq Ic yes Ns | Ns Ic no
.Xc
If set to
.Ic yes ,
allow LDP sessions to be established with remote neighbors that have not been
specifically configured.
The default is
.Ic no .
.Pp
.It Ic transport-address Ar address
Set the local address to be used in the TCP sessions.
For the IPv4 address-family, the router-id will be used if this option is not specified.
For the IPv6 address-family, this option must be specified.
.El
.Sh INTERFACES
Each interface can have several parameters configured individually, otherwise
they are inherited.
.Bd -literal -offset indent
address-family ipv4 {
	interface em0 {
		link-hello-holdtime 9
		link-hello-interval 3
	}
}
.Ed
.Pp
Interface-specific parameters are listed below.
.Bl -tag -width Ds
.It Ic link-hello-holdtime Ar seconds
Set the hello holdtime in seconds.
The maximum time
.Xr ldpd 8
will wait between two consecutive hello messages from a peer before it is
marked as being down.
The default value is 15; valid range is 3\-65535.
.It Ic link-hello-interval Ar seconds
Set the hello interval in seconds.
The default value is 5; valid range is 1\-65535.
.El
.Sh TARGETED NEIGHBORS
Each targeted neighbor can have several parameters configured individually,
otherwise they are inherited.
.Bd -literal -offset indent
address-family ipv4 {
	targeted-neighbor A.B.C.D {
		targeted-hello-holdtime 90
		targeted-hello-interval 10
	}
}
address-family ipv6 {
	targeted-neighbor 2001:db8::1
}
.Ed
.Pp
Targeted-neighbor specific parameters are listed below.
.Bl -tag -width Ds
.It Ic targeted-hello-holdtime Ar seconds
Set the hello holdtime in seconds.
The maximum time
.Xr ldpd 8
will wait between two consecutive hello messages from a peer before it is
marked as being down.
The default value is 45.
.It Ic targeted-hello-interval Ar seconds
Set the hello interval in seconds.
The default value is 5; valid range is 1\-65535.
.El
.Sh NEIGHBORS
The
.Ic neighbor
section allows for the configuration of neighbor-specific parameters.
Note, however, that
.Xr ldpd 8
uses the hello discovery mechanism to discover its neighbors.
Without an underlying adjacency these commands have no effect.
A neighbor is identified by its LSR-ID, not by its remote address.
The neighbor-specific parameters apply for both LDPoIPv4 and LDPoIPv6 sessions.
.Bd -literal -offset indent
neighbor A.B.C.D {
}
.Ed
.Pp
Neighbor-specific parameters are listed below.
.Bl -tag -width Ds
.It Ic keepalive Ar seconds
Set the keepalive timeout in seconds.
Inherited from the global configuration if not given.
Valid range is 3\-65535.
.It Xo
.Ic gtsm-enable
.Pq Ic yes Ns | Ns Ic no
.Xc
Override the inherited configuration and enable/disable GTSM for this neighbor.
.It Ic gtsm-hops Ar hops
Set the maximum number of hops the neighbor may be away.
When GTSM is enabled for this neighbor, incoming packets are required to have
a TTL/hop limit of 256 minus this value, ensuring they have not passed
through more than the expected number of hops.
The default value is 1; valid range is 1\-255.
.It Ic tcp md5sig password Ar secret
Enable TCP MD5 signatures per RFC 5036 with the specified password.
.It Ic tcp md5sig key Ar secret
Enable TCP MD5 signatures per RFC 5036 with the specified hexadecimal key.
.It Ic no tcp md5sig
Disable the use of TCP MD5 signatures.
.El
.Sh LAYER 2 VPNS
.Xr ldpd 8
implements the signaling of pseudowires which can be used to
implement either the VPWS solution (also known as PWE3) or the VPLS
solution.
Currently only the VPLS solution is supported.
.Bd -literal -offset indent
l2vpn name type vpls {
	bridge bridge0
	interface em1
	pseudowire mpw1 {
		pw-id 100
		neighbor-id 192.168.1.10
	}
	pseudowire mpw2 {
		pw-id 200
		neighbor-id 10.0.1.5
	}
}
.Ed
.Pp
Layer 2 VPN specific parameters are listed below.
.Bl -tag -width Ds
.It Ic bridge Ar interface
Set the bridge interface the VPLS is associated with.
This parameter is optional and is only used to remove MAC addresses received
from MAC address withdrawal messages.
Only one bridge interface can be set.
.It Ic interface Ar interface
Configure a non-pseudowire interface pertaining to the VPLS.
This parameter is optional and is only used to send MAC address withdrawal
messages when the specified interface is shut down.
Multiple interfaces can be configured.
.It Ic mtu Ar number
Set the MTU advertised in the pseudowires.
Local and remote MTUs must match for a pseudowire to be set up.
The default value is 1500.
.It Xo
.Ic type
.Pq Ic ethernet Ns | Ns Ic ethernet-tagged
.Xc
Specify the type of the configured pseudowires.
The type must be the same at both endpoints.
The default is
.Ic ethernet .
.El
.Sh PSEUDOWIRES
Each
.Xr mpw 4
pseudowire interface can have several parameters configured individually,
otherwise they are inherited.
A pseudowire interface is specified by its name.
.Bd -literal -offset indent
pseudowire mpw5 {
	pw-id 5000
	neighbor-id 172.16.1.50
}
.Ed
.Pp
Pseudowire-specific parameters are listed below.
.Bl -tag -width Ds
.It Xo
.Ic control-word
.Pq Ic yes Ns | Ns Ic no
.Xc
Specify whether the use of the control word is preferred or not
preferred.
The default is
.Ic yes .
.It Ic neighbor-addr Ar address
Specify the IPv4 or IPv6 address of the remote endpoint of the pseudowire.
A targeted neighbor will automatically be created for this address.
By default, the LSR-ID of the remote endpoint of the pseudowire will be used.
.It Ic neighbor-id Ar address
Specify the LSR-ID of the remote endpoint of the pseudowire.
.It Ic pw-id Ar number
Set the PW ID used to identify the pseudowire.
The PW ID must be the same at both endpoints.
Valid range is 1\-4294967295.
.It Xo
.Ic status-tlv
.Pq Ic yes Ns | Ns Ic no
.Xc
Specify whether the use of the Status TLV is preferred or not
preferred.
The default is
.Ic yes .
.El
.Sh FILES
.Bl -tag -width /etc/examples/ldpd.conf -compact
.It Pa /etc/ldpd.conf
.Xr ldpd 8
configuration file.
.It Pa /etc/examples/ldpd.conf
Example configuration file.
.El
.Sh SEE ALSO
.Xr ldpctl 8 ,
.Xr ldpd 8 ,
.Xr rc.conf.local 8
.Sh HISTORY
The
.Nm
file format first appeared in
.Ox 4.6 .
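.Sh EXAMPLES
The settings described above that relax a protection (targeted-hello-accept yes, gtsm-enable no, no tcp md5sig) and the gtsm-hops rule of 256 minus the hop count, checked by a small audit script.
This is an added example, not part of ldpd or of the original manual; the sample configuration, its addresses and its secret are constructed, and the script assumes one statement per line, braces laid out as in the examples above, and # starting a comment.

```python
# Constructed sample ldpd.conf (not from the manual), documented keywords only.
SAMPLE = """\
tcp md5sig password examplesecret 192.0.2.0/24
no tcp md5sig 192.0.2.25
address-family ipv4 {
    targeted-hello-accept yes
    interface em0
}
neighbor 192.0.2.77 {
    gtsm-enable no
}
neighbor 192.0.2.80 {
    gtsm-hops 3
}
"""

def min_ttl(hops):
    """Lowest TTL/hop limit accepted under GTSM: 256 minus gtsm-hops."""
    if not 1 <= hops <= 255:
        raise ValueError("gtsm-hops valid range is 1-255")
    return 256 - hops

def audit(text):
    """Return (line, scope, message) notes for an ldpd.conf text."""
    notes, scope, signed = [], ["global"], False
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # assumption: '#' starts a comment
        if line == "}":
            if len(scope) > 1:
                scope.pop()
            continue
        words = line.rstrip("{").split()
        if not words:
            continue
        here, stmt = scope[-1], " ".join(words)
        if stmt == "targeted-hello-accept yes":
            notes.append((num, here, "sessions accepted from unconfigured remote neighbors"))
        elif stmt == "gtsm-enable no":
            notes.append((num, here, "GTSM disabled"))
        elif words[:3] == ["no", "tcp", "md5sig"]:
            target = words[3] if len(words) > 3 else here
            notes.append((num, here, "TCP MD5 signatures disabled for " + target))
        elif words[:2] == ["tcp", "md5sig"]:
            signed = True                     # a password or key is configured
        elif words[0] == "gtsm-hops" and len(words) == 2:
            notes.append((num, here, "GTSM minimum TTL/hop limit %d" % min_ttl(int(words[1]))))
        if line.endswith("{"):
            scope.append(stmt)                # enter the block just opened
    if not signed:
        notes.append((0, "global", "no tcp md5sig password or key configured"))
    return notes
```

Calling audit(SAMPLE) returns one note per relaxed setting, each with the line number and the block it appears in.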