OPENNHRP.CONF(5) OpenNHRP Documentation OPENNHRP.CONF(5)NAMEopennhrp.conf - NHRP daemon configuration file
DESCRIPTION
The opennhrp.conf file contains information for the opennhrp.
This configuration file is a free-form ASCII text file. It is parsed by
the word-by-word parser built into opennhrp. The file may contain
extra whitespace, tabs and newline for formatting purposes. Keywords
and contents are case-sensitive. Comments can be marked with a hash
sign (#) and everything following it until newline is ignored.
DIRECTIVES
Directives are keywords that can appear in any context of the configu‐
ration file and they select a new context.
interface interface-name
Marks the start of configuration for network interface inter‐
face-name. Even if no interface specific configuration is
required, the interface directive must be present to enable NHRP
on that interface.
INTERFACE CONTEXT
These configuration keywords can appear only in the interface context.
map protocol-address[/prefix] nbma-address [register] [cisco]
Creates static peer mapping of protocol-address to nbma-address.
If the prefix parameter is present, it directs opennhrp to use
this peer as a next hop server when sending Resolution Requests
matching this subnet.
The optional parameter register specifies that Registration
Request should be sent to this peer on startup.
If the statically mapped peer is running Cisco IOS, specify the
cisco keyword. It is used to fix statically the Registration
Request ID so that a matching Purge Request can be sent if NBMA
address has changed. This is to work around broken IOS which
requires Purge Request ID to match the original Registration
Request ID.
dynamic-map protocol-address/prefix nbma-domain-name
Specifies that the NBMA addresses of the next hop servers are
defined in the domain name nbma-domain-name. For each A record
opennhrp creates a dynamic NHS entry.
Each dynamic NHS will get a peer entry with the configured net‐
work address and the discovered NBMA address.
The first registration request is sent to the protocol broadcast
address, and the server's real protocol address is dynamically
detected from the first registration reply (requires opennhrp
0.11 or newer).
Alternatively, if peer-up script hook can determine the protocol
address from the NBMA address (e.g. by doing an additional DNS
lookup or by parsing the IPsec certificate) it can inform this
mapping via opennhrpctl(8) update nbma command.
shortcut-target protocol-address/prefix [holding-time holdtime]
Defines an off-NBMA network prefix for which the GRE interface
will act as a gateway. This an alternative to defining local
interfaces with shortcut-destination flag.
multicast dynamic|nhs
multicast protocol-address
Determines how opennhrp daemon should soft switch the multicast
traffic. Currently, multicast traffic is captured by opennhrp
daemon using a packet socket, and resent back to proper destina‐
tions. This means that multicast packet sending is CPU inten‐
sive.
Specfying nhs makes all multicast packets to be repeated to each
statically configured next hop. dynamic instructs to forward to
all peers which we have a direct connection with. Alterna‐
tively, you can specify the directive multiple times for each
protocol-address the multicast traffic should be sent to.
WARNING: It is very easy to misconfigure multicast repeating if
you have multiple NHS:es.
holding-time holdtime
Specifies the holding time for NHRP Registration Requests and
Resolution Replies sent from this interface or shortcut-target.
The holdtime is specified in seconds and defaults to two hours.
route-table routetable
Specifies the kernel routing table to be monitored for outgoing
routes to this interface. This is required to do routing lookups
excluding active shortcut routes (for existing shortcut route
renewal). The default is main table.
If you use table directive in zebra.conf to put Quagga routes in
alternate table, this should match with it.
cisco-authentication secret
Enables Cisco style authentication on NHRP packets. This embeds
the secret plaintext password to the outgoing NHRP packets.
Incoming NHRP packets on this interface are discarded unless the
secret password is present. Maximum length of the secret is 8
characters.
redirect
Enable sending of Cisco style NHRP Traffic Indication packets.
If this is enabled and opennhrp detects a forwarded packet, it
will send a message to the original sender of the packet
instructing it to create a direct connection with the destina‐
tion. This is basically a protocol independent equivalent of
ICMP redirect.
shortcut
Enable creation of shortcut routes. A received NHRP Traffic
Indication will trigger the resolution and establishment of a
shortcut route.
IMPORTANT: You still need to run some routing protocol or have
static routes to some hub node in your NBMA network. NHRP does
not advertise routes; it can create shortcut route only for an
already routable subnet.
non-caching
Disables caching of peer information from forwarded NHRP Resolu‐
tion Reply packets. This can be used to reduce memory consump‐
tion on big NBMA subnets.
NOTE: currently does not do much as caching is not implemented.
shortcut-destination
This instructs opennhrp to reply with authorative answers on
NHRP Resolution Requests destinied to addresses in this inter‐
face (instead of forwarding the packets). This effectively
allows the creation of shortcut routes to subnets located on the
interface.
When specified, this should be the only keyword for the inter‐
face.
EXAMPLE
The following configuration file was used for testing OpenNHRP on a
machine with two ethernet network interfaces. GRE tunnel was configured
with tunnel IP 10.255.255.2/24. Configuration enables registration to
hub node at 10.255.255.1 and resolution of other nodes in the subnet
using that hub.
It also enables creation of shortcut routes to networks behind other
hosts (with holding-time override for the defined shortcut-target) in
our NBMA network and allows incoming shortcut routes.
interface gre1
holding-time 3600
map 10.255.255.1/24 192.168.200.1 register
shortcut-target 172.16.0.0/16 holding-time 1800
cisco-authentication secret
shortcut
redirect
non-caching
interface eth1
shortcut-destination
SEE ALSOopennhrp(8)AUTHORS
Timo Teras <timo.teras@iki.fi>
27 Oct 2010 OPENNHRP.CONF(5)
