BIRD: Well, we think we have already explained that. It's an acronym standing for 'BIRD Internet Routing Daemon', you remember, don't you? :-)
Internet Routing: It's a program (well, a daemon, as you are going to discover in a moment) which works as a dynamic router in an Internet type network (that is, in a network running either the IPv4 or the IPv6 protocol). Routers are devices which forward packets between interconnected networks in order to allow hosts not connected directly to the same local area network to communicate with each other. They also communicate with the other routers in the Internet to discover the topology of the network, which allows them to find optimal (in terms of some metric) rules for forwarding packets (which are called routing tables) and to adapt themselves to changing conditions such as outages of network links, building of new connections and so on. Most of these routers are costly dedicated devices running obscure firmware which is hard to configure and not open to any changes (on the other hand, their special hardware design allows them to keep up with lots of high-speed network interfaces, better than a general-purpose computer does). Fortunately, most operating systems of the UNIX family allow an ordinary computer to act as a router and forward packets belonging to the other hosts, but only according to a statically configured table.
A Routing Daemon is, in UNIX terminology, a non-interactive program running in the background which does the dynamic part of Internet routing, that is, it communicates with the other routers, calculates routing tables and sends them to the OS kernel, which does the actual packet forwarding. There already exist other such routing daemons: routed (RIP only), GateD (non-free), Zebra http://www.zebra.org and MRTD http://sourceforge.net/projects/mrt, but their capabilities are limited and they are relatively hard to configure and maintain.
BIRD is an Internet Routing Daemon designed to avoid all of these shortcomings, to support all the routing technology used in today's Internet or planned to be used in the near future, and to have a clean extensible architecture allowing new routing protocols to be incorporated easily. Among other features, BIRD supports:
- both IPv4 and IPv6 protocols
- multiple routing tables
- the Border Gateway Protocol (BGPv4)
- the Routing Information Protocol (RIPv2)
- the Open Shortest Path First protocol (OSPFv2, OSPFv3)
- the Router Advertisements for IPv6 hosts
- a virtual protocol for exchange of routes between different routing tables on a single host
- a command-line interface allowing on-line control and inspection of status of the daemon
- soft reconfiguration (no need to use complex online commands to change the configuration, just edit the configuration file and notify BIRD to re-read it and it will smoothly switch itself to the new configuration, not disturbing routing protocols unless they are affected by the configuration changes)
- a powerful language for route filtering
BIRD has been developed at the Faculty of Math and Physics, Charles University, Prague, Czech Republic as a student project. It can be freely distributed under the terms of the GNU General Public License.
BIRD has been designed to work on all UNIX-like systems. It has been developed and tested under Linux 2.0 to 2.6, and then ported to FreeBSD, NetBSD and OpenBSD; porting to other systems (even non-UNIX ones) should be relatively easy due to its highly modular architecture.
BIRD supports either the IPv4 or the IPv6 protocol, but has to be compiled separately for each one. Therefore, a dual-stack router would run two instances of BIRD (one for IPv4 and one for IPv6), with completely separate setups (configuration files, tools ...).
On a recent UNIX system with GNU development tools (GCC, binutils, m4, make) and Perl, installing BIRD should be as easy as:
    ./configure
    make
    make install
    vi /usr/local/etc/bird.conf
    bird
You can use ./configure --help to get a list of configure options. The most important ones are: --enable-ipv6 which enables building of an IPv6 version of BIRD, --with-protocols= to produce a slightly smaller BIRD executable by configuring out routing protocols you don't use, and --prefix= to install BIRD to a place different from /usr/local.
You can pass several command-line options to bird:
-c config name
use given configuration file instead of prefix/etc/bird.conf.
enable debug messages and run bird in foreground.
-D filename of debug log
log debugging information to given file instead of stderr.
just parse the config file and exit. Return value is zero if the config file is valid, nonzero if there are some errors.
-s name of communication socket
use given filename for a socket for communications with the client, default is prefix/var/run/bird.ctl.
-P name of PID file
create a PID file with given filename.
drop privileges and use that user ID, see the next section for details.
use that group ID, see the next section for details.
run bird in foreground.
look for a configuration file and a communication socket in the current working directory instead of in default system locations. However, paths specified by options -s have higher priority.
apply graceful restart recovery after start.
BIRD writes messages about its work to log files or syslog (according to config).
BIRD, as a routing daemon, uses several privileged operations (like setting the routing table and using raw sockets). Traditionally, BIRD is executed and runs with root privileges, which may be prone to security problems. The recommended way is to use a privilege restriction (options -g). In that case BIRD is executed with root privileges, but it changes its user and group ID to unprivileged ones, while using Linux capabilities to retain just the required privileges (capabilities CAP_NET_*). Note that the control socket is created before the privileges are dropped, but the config file is read after that. The privilege restriction is not implemented in the BSD port of BIRD.
A nonprivileged user (as an argument to -u options) may be the user nobody, but it is suggested to use a new dedicated user account (like bird). Similar considerations apply to the group option, but there is one more condition -- the users in the same group can use birdc to
Finally, there is a possibility to use external tools to run BIRD in an environment with restricted privileges. This may need some configuration, but it is generally easy -- BIRD needs just the standard library, privileges to read the config file and create the control socket and the CAP_NET_* capabilities.
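To confirm on Linux that a daemon started with -u and -g really dropped its privileges, the following added example (not part of BIRD or its documentation) reads the text of /proc/<pid>/status and checks that the effective IDs are non-root and that no capability outside CAP_NET_* is permitted or effective. The capability bit numbers are taken from the Linux capability header, and the sample status text is constructed.

```shell
# Added example (not BIRD code): audit /proc/<pid>/status text for the
# privilege restriction described above. Linux only.

# CAP_NET_BIND_SERVICE=10, CAP_NET_BROADCAST=11, CAP_NET_ADMIN=12,
# CAP_NET_RAW=13: bit numbers from <linux/capability.h>.
NET_CAPS_MASK=$(( (1 << 10) | (1 << 11) | (1 << 12) | (1 << 13) ))

# status_field NAME COL: print column COL of the "NAME:" line on stdin.
status_field() {
    awk -v key="$1:" -v col="$2" '$1 == key { print $col; exit }'
}
# check_status: reads status text on stdin and prints findings. Returns 0 if
# effective UID/GID are non-root and nothing outside CAP_NET_* is permitted
# or effective, 1 if the process is over-privileged, 2 on unparseable input.
check_status() {
    status=$(cat)
    rc=0
    for id in Uid Gid; do
        val=$(printf '%s\n' "$status" | status_field "$id" 3)
        case $val in
            ''|*[!0-9]*) echo "cannot parse $id"; return 2 ;;
            0) echo "effective $id is 0 (root)"; rc=1 ;;
        esac
    done
    for capset in CapPrm CapEff; do
        hex=$(printf '%s\n' "$status" | status_field "$capset" 2)
        case $hex in
            ''|*[!0-9a-fA-F]*) echo "cannot parse $capset"; return 2 ;;
        esac
        extra=$(( 0x$hex & ~$NET_CAPS_MASK ))
        if [ "$extra" -ne 0 ]; then
            printf '%s has bits outside CAP_NET_*: 0x%x\n' "$capset" "$extra"
            rc=1
        fi
    done
    return "$rc"
}
# Constructed samples, not captured from a real system.
SAMPLE_RESTRICTED='Uid: 501 501 501 501
Gid: 501 501 501 501
CapPrm: 0000000000003c00
CapEff: 0000000000003c00'
SAMPLE_ROOT='Uid: 0 0 0 0
Gid: 0 0 0 0
CapPrm: 000001ffffffffff
CapEff: 000001ffffffffff'
printf '%s\n' "$SAMPLE_RESTRICTED" | check_status && echo "restricted: ok"
printf '%s\n' "$SAMPLE_ROOT" | check_status || echo "root: not restricted"
```

For a live check, redirect the real file into the function, using the PID from the file named with -P: check_status < /proc/PID/status.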