<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>"distribute-list" and "redistribute" are sub commands of "router rip" and "router ripng". Thus they must appear after a "router ..." line and before any non "router ..." sub command.</p>
<p>vtysh command completion will help you with the legal syntax. Usually I configure frr/quagga via vtysh and persist the configuration with the "write" command.</p>
<p>Frank<br>
</p>
<br>
<div class="moz-cite-prefix">On 02/26/21 01:53, jimc wrote:<br>
</div>
<blockquote type="cite"
cite="mid:c4c4765af1bb904f41b23927b9f1bd92@jfcarter.net">Version:
frr-7.5-3.3.x86_64 from OpenSuSE Tumbleweed.
<br>
This is probably a near duplicate of bug 1279 (2017-10-02)
<br>
<a class="moz-txt-link-freetext" href="https://github.com/FRRouting/frr/issues/1279">https://github.com/FRRouting/frr/issues/1279</a>
<br>
except the OP omidit was trying to use BGP while I have RIP[ng].
<br>
I'm pointing the finger of blame at a documentation issue; in
other
<br>
words, almost certainly my frr.conf file (appended with comments)
<br>
lacks some prerequisite which would resurrect the redistribute and
<br>
distribute-list commands.
<br>
<br>
Presenting symptoms: ripd and ripngd never emit any RIP[ng]
packets,
<br>
even though the sub-router has a route to the subnet that I want
<br>
the local LAN to be able to reach. Plus: when I specify
<br>
"redistribute" and "distribute-list", frr -C complains:
<br>
<br>
```
<br>
line 56: % Unknown command[4]: distribute-list xenanet in
<br>
line 57: % Unknown command[4]: distribute-list xenanet out
<br>
line 61: % Unknown command[4]: redistribute kernel
<br>
line 63: % Unknown command[4]: redistribute static
<br>
line 65: % Unknown command[4]: redistribute connected
<br>
```
<br>
<br>
Back in 1987 I could just start rpc.ripd on SunOS-3 (no
authentication
<br>
in RIPv1), but 34 years later, Quagga looked like it gave a lot of
<br>
people a lot of trouble to configure it, so I thought to reinvent
the
<br>
wheel. But for political and national security reasons I think it
would
<br>
be a real good idea to have open source routing used more widely,
and
<br>
so I decided to give Quagga my best try. It succumbed to the same
issue
<br>
complained about here, attributed to an unfixed bug by many OP's,
and
<br>
I dug through the source code but was not able to find the "bug".
But
<br>
I also hit references to FRR and tried it in the hope of a fix.
No such
<br>
luck. Currently I'm guessing that the problem is not in the code
but in
<br>
the documentation, so I've missed some important setup aspect.
I'm
<br>
planning to write up my experiences and of course it will include
the
<br>
conf file. In the appended instance I've retained comments, and
if you
<br>
spot any misconceptions among them I would appreciate corrections,
so
<br>
errors don't propagate.
<br>
<br>
```
<br>
# /etc/frr/frr.conf
<br>
# This file contains plaintext passwords and needs permission 640
frr:frr
<br>
# Revision history:
<br>
# 2021-02-17 jimc Becomes FRR (Free Range Routing) unified
config file.
<br>
# 2021-02-04 jimc Initial setup for Quagga / rip[ng]d,
abandoned.
<br>
<br>
# hostname itsname # Default is the system's 1-component name per
uname -n.
<br>
<br>
# Without a password, vtysh will not connect; the enable password
enables
<br>
# interactive reconfiguration. But it uses PAM; password not
needed for root.
<br>
# Warning, security is not robust; turn this off in production.
<br>
password redacted#1
<br>
enable password redacted#2
<br>
<br>
# Log file for all daemons
<br>
log file /var/log/frr/frr.log
<br>
<br>
# /etc/frr/daemons controls which protocol daemons to start, but
you also have
<br>
# to enable them. Not needed for staticd or zebra.
<br>
router rip
<br>
#rejected: version 2 # Do not receive v1 (which can't do
authentication)
<br>
router ripng
<br>
<br>
# "vtysh -C [-f other_file.conf]" will check the configuration
file; default
<br>
# is /etc/frr/frr.conf. It would appear that if no protocol is
enabled (e.g.
<br>
# by "router rip") for which a particular command (e.g. "network")
is relevant,
<br>
# the command is reported as "Unknown command[4]: network
192.9.200.0/24", not
<br>
# considering the parameters (e.g. with "router ripng", the IPv4
version is
<br>
# not unknown).
<br>
<br>
# Interfaces with an IP address in this range may send and receive
protocol
<br>
# packets. You can also enable named interfaces e.g. en0.
<br>
network 192.9.200.0/24
<br>
network 2600:3c01:e000:306::/64
<br>
<br>
# We're only going to include these subnet(s) in incoming +
outgoing packets.
<br>
# In Quagga you could also use an access-list.
<br>
ip prefix-list xenanet permit 192.9.200.176/29
<br>
ip prefix-list xenanet deny any
<br>
<br>
# Syntax: 'route-map' its_name permit|deny line_number; matches
etc. follow.
<br>
# A number is a valid identifier and you confusingly see this in
tutorials.
<br>
route-map cnmap permit 1
<br>
match ip address prefix-list xenanet
<br>
route-map cnmap deny 2
<br>
<br>
# Zebra can filter incoming routes per protocol or for any
protocol. It just
<br>
# ignores non-permitted routes. Looks like the default is to deny
everything.
<br>
ip protocol any route-map cnmap
<br>
<br>
# In incoming and outgoing packets, only the specified subnets are
included.
<br>
distribute-list xenanet in
<br>
distribute-list xenanet out
<br>
<br>
# Daemons send routes that they learned from these sources.
<br>
# kernel = set in system routing table by non-FRR, e.g. "ip route
add..."
<br>
redistribute kernel
<br>
# static = configured in a FRR conf file. (CouchNet has none.)
<br>
redistribute static
<br>
# connected = seen in protocol packets from neighboring routers.
<br>
redistribute connected
<br>
<br>
# Turn on authentication (RIP v2 only). Mode md5 (hiss, boo!)
makes a HMAC
<br>
# over the packet with a pre-shared key prepended; the sender and
receiver must
<br>
# use the same key. It's OK to turn on auth for interfaces that
don't exist.
<br>
key chain CouchNet
<br>
key 1
<br>
key-string redacted#3
<br>
interface en0
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
interface br0
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
interface rad0
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
interface tun0
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
interface tun1
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
interface tun9
<br>
ip rip authentication mode md5
<br>
ip rip authentication key-chain CouchNet
<br>
<br>
# Default timer values are used.
<br>
# update 30sec, send a gratuitous RIP packet this often.
<br>
# timeout 180sec, a route absent from "learn from" sources
(e.g.
<br>
# neighbors) for this long is redistributed as expired.
<br>
# garbage 120sec, after this long, expired routes are no
longer announced.
<br>
```
<br>
<br>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
frog mailing list
<a class="moz-txt-link-abbreviated" href="mailto:frog@lists.frrouting.org">frog@lists.frrouting.org</a>
<a class="moz-txt-link-freetext" href="https://lists.frrouting.org/listinfo/frog">https://lists.frrouting.org/listinfo/frog</a>
</pre>
</blockquote>
<br>
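<p>The placement rule from the reply, as an added Python check that is not part of the original messages: it flags "distribute-list" and "redistribute" lines that fall outside a "router ..." block. The two sample configs are constructed (abridged from the posted frr.conf), and the list of other router sub-commands is an assumed, partial set; only placement is checked, not argument syntax.</p>

```python
# Commands the reply names as sub-commands of "router rip" / "router ripng".
CHECKED = ("distribute-list", "redistribute")

# Assumption: a partial list of other commands that keep the parser inside
# the router block. Any command not listed here is treated as leaving it.
ROUTER_SUBCOMMANDS = CHECKED + (
    "network", "version", "timers", "passive-interface",
    "neighbor", "default-metric", "offset-list", "distance", "route",
)

def misplaced_router_commands(conf_text):
    """Return [(line_no, line)] for checked commands outside a router block."""
    findings = []
    in_router = False
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank lines and comments do not change context
        keyword = line.split()[0]
        if keyword == "router":
            in_router = True
        elif keyword in ROUTER_SUBCOMMANDS:
            if keyword in CHECKED and not in_router:
                findings.append((line_no, line))
        else:
            in_router = False  # e.g. "ip prefix-list", "route-map", "interface"
    return findings

# Constructed sample: same ordering as the posted file, comments removed.
BROKEN = """router rip
router ripng
network 192.9.200.0/24
ip prefix-list xenanet permit 192.9.200.176/29
route-map cnmap permit 1
 match ip address prefix-list xenanet
distribute-list xenanet in
distribute-list xenanet out
redistribute kernel
redistribute static
redistribute connected
"""

# Constructed sample: the same commands moved directly under "router rip".
REORDERED = """router rip
 network 192.9.200.0/24
 distribute-list xenanet in
 redistribute kernel
ip prefix-list xenanet permit 192.9.200.176/29
"""
```

<p>On the first sample the check reports the same five commands that the quoted "Unknown command" output lists; "vtysh -C" remains the authority on whether each line's arguments are accepted.</p>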
</body>
</html>