Understanding the Dynamic routing module

Dynamic routing can be configured in the General tab of the Dynamic routing module in the web administration interface.

In the BIRD v2, IPv4 BIRD v1 and IPv6 BIRD v1 tabs (if IPv6 support has been enabled), BIRD configuration files can be edited.

Do note that the graphical interface editor does not allow you to access interactive modes, in which dynamic routing can be monitored (operational tests of new configurations through a temporary configuration and status preview).

The table below maps each BIRD version to its configuration tab in the web administration interface, its configuration file, and its interactive binary file in console mode:

BIRD version Configuration tab Configuration file Interactive binary file
BIRD v2 - IPv4 and IPv6 BIRD v2 bird.conf birdc
BIRD v1 - IPv4 IPv4 BIRD v1 bird4.conf birdc4
BIRD v1 - IPv6 IPv6 BIRD v1 bird6.conf birdc6

NOTE
When one version of BIRD is disabled, the corresponding configuration tab will show the suffix "(INACTIVE)".
Example: BIRD v2 (INACTIVE).

General tab

This option allows you to enable/disable the desired version of the BIRD dynamic routing engine.

After SNS firewalls in a version lower than SNS 4.8.1 are updated to SNS version 4.8.1 or higher, the configuration will be as follows:

  • BIRD v2: this radio button is selected by default.
  • BIRD v1: this radio button will be selected if the firewall was initially configured only in IPv4, and if its IPv4 BIRD v1 configuration was active prior to the firmware update.
    The following radio buttons will appear only if the firewall was initially configured in IPv4 and IPv6:
    • IPv4: this radio button is selected for firewalls on which only an IPv4 BIRD v1 configuration was active prior to the firmware update.
    • IPv6: this radio button is selected for firewalls on which only an IPv6 BIRD v1 configuration was active prior to the firmware update.
    • IPv4 and IPv6: this radio button is selected for firewalls on which IPv4 and IPv6 BIRD v1 configurations were active prior to the firmware update.

IMPORTANT
If you want the routes that were learned by BIRD to be automatically added to the table of protected networks, thereby preventing these networks from wrongly raising antispoofing alerts, select these checkboxes (depending on your configuration):

  • Add IPv4 networks distributed via dynamic routing to the table of protected networks.
  • Add IPv6 networks distributed via dynamic routing to the table of protected networks.

BIRD v2 tab

This tab shows:

  • On the left side of the screen: a minimalist BIRD v2 configuration frame containing the basic mandatory sections,
  • On the right side of the screen: the firewall's original BIRD v1 configuration (IPv4 and/or IPv6).

This section also allows you to modify the firewall’s BIRD v2 configuration and validate it.


IPv4 BIRD v1 tab

This tab shows the original configuration on the firewall for the IPv4 dynamic routing managed by BIRD v1. This section also allows you to edit and validate the configuration.

Optional IPv6 BIRD v1 tab

This tab shows the original configuration on the firewall for the IPv6 dynamic routing managed by BIRD v1. This section also allows you to edit and validate the configuration.

It looks exactly like the IPv4 BIRD v1/IPv4 BIRD v1 (INACTIVE) tab.

Verification console

When you click on the Check configuration button in one of the BIRD configuration tabs shown below, the verification console located at the bottom of the screen shows the syntax errors encountered, if any.

Errors are identified in the console by their line numbers and column numbers. Line numbers that contain errors are also highlighted in red in the configuration: