Diffstat (limited to 'doc/user')
-rw-r--r-- doc/user/bgp.rst 246
-rw-r--r-- doc/user/fabricd.rst 15
-rw-r--r-- doc/user/index.rst 2
-rw-r--r-- doc/user/installation.rst 8
-rw-r--r-- doc/user/isisd.rst 31
-rw-r--r-- doc/user/nhrpd.rst 13
-rw-r--r-- doc/user/ospf6d.rst 58
-rw-r--r-- doc/user/ospfd.rst 31
-rw-r--r-- doc/user/overview.rst 2
-rw-r--r-- doc/user/pathd.rst 443
-rw-r--r-- doc/user/pbr.rst 15
-rw-r--r-- doc/user/pim.rst 7
-rw-r--r-- doc/user/rpki.rst 4
-rw-r--r-- doc/user/scripting.rst 28
-rw-r--r-- doc/user/setup.rst 50
-rw-r--r-- doc/user/subdir.am 2
-rw-r--r-- doc/user/zebra.rst 14
17 files changed, 923 insertions, 46 deletions
diff --git a/doc/user/bgp.rst b/doc/user/bgp.rst
index c65f1144eb..cb97ee22df 100644
--- a/doc/user/bgp.rst
+++ b/doc/user/bgp.rst
@@ -31,12 +31,23 @@ be specified (:ref:`common-invocation-options`).
.. option:: -l, --listenon
- Specify a specific IP address for bgpd to listen on, rather than its default
+ Specify specific IP addresses for bgpd to listen on, rather than its default
of ``0.0.0.0`` / ``::``. This can be useful to constrain bgpd to an internal
- address, or to run multiple bgpd processes on one host.
+ address, or to run multiple bgpd processes on one host. Multiple addresses
+ can be specified.
+
+ In the following example, bgpd is started listening for connections on the
+ addresses 100.0.1.2 and fd00::2:2. The options -d (runs in daemon mode) and
+ -f (uses specific configuration file) are also used in this example as we
+ are likely to run multiple bgpd instances, each one with different
+ configurations, when using -l option.
Note that this option implies the --no_kernel option, and no learned routes will be installed into the linux kernel.
+.. code-block:: shell
+
+ # /usr/lib/frr/bgpd -d -f /some-folder/bgpd.conf -l 100.0.1.2 -l fd00::2:2
+
.. option:: -n, --no_kernel
Do not install learned routes into the linux kernel. This option is useful
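Review bot: The added ".. code-block:: shell" lands after the unchanged "Note that this option implies the --no_kernel option" paragraph, so the command is separated from the "In the following example" text that introduces it. Move the code block directly under that introductory paragraph and keep the note after it. The leading "#" prompt inside a shell block will also be highlighted as a comment; drop the prompt or use a console lexer.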
@@ -424,10 +435,14 @@ Require policy on EBGP
.. clicmd:: [no] bgp ebgp-requires-policy
This command requires incoming and outgoing filters to be applied
- for eBGP sessions. Without the incoming filter, no routes will be
- accepted. Without the outgoing filter, no routes will be announced.
+ for eBGP sessions as part of RFC-8212 compliance. Without the incoming
+ filter, no routes will be accepted. Without the outgoing filter, no
+ routes will be announced.
- This is enabled by default.
+ This is enabled by default for the traditional configuration and
+ turned off by default for datacenter configuration.
+
+ When you enable/disable this option you MUST clear the session.
When the incoming or outgoing filter is missing you will see
"(Policy)" sign under ``show bgp summary``:
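Review bot: "RFC-8212" in the first added sentence should use the :rfc:`8212` role so it renders as a link, as the dampening text in this file does with :rfc:`2439`. The "you MUST clear the session" sentence should say how (which clear command, and whether a soft clear is sufficient). Please also say how the "traditional" and "datacenter" configurations are selected, because with the datacenter default an eBGP session that has no filters will accept and announce routes.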
@@ -446,6 +461,22 @@ Require policy on EBGP
192.168.0.2 4 65002 8 10 0 0 0 00:03:09 5 (Policy)
fe80:1::2222 4 65002 9 11 0 0 0 00:03:09 (Policy) (Policy)
+ Additionally a `show bgp neighbor` command would indicate in the `For address family:`
+ block that:
+
+ .. code-block:: frr
+
+ exit1# show bgp neighbor
+ ...
+ For address family: IPv4 Unicast
+ Update group 1, subgroup 1
+ Packet Queue length 0
+ Inbound soft reconfiguration allowed
+ Community attribute sent to this neighbor(all)
+ Inbound updates discarded due to missing policy
+ Outbound updates discarded due to missing policy
+ 0 accepted prefixes
+
Reject routes with AS_SET or AS_CONFED_SET types
------------------------------------------------
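Review bot: `show bgp neighbor` and `For address family:` in the added sentence use single backticks, which RST renders as emphasis rather than a literal; use double backticks as ``show bgp summary`` does earlier in this section. The sentence "would indicate in the ... block that:" also reads better as "also shows, in the ``For address family:`` block, that updates are being discarded:".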
@@ -454,6 +485,17 @@ Reject routes with AS_SET or AS_CONFED_SET types
This command enables rejection of incoming and outgoing routes having AS_SET or AS_CONFED_SET type.
+Suppress duplicate updates
+--------------------------
+
+.. index:: bgp suppress-duplicates
+.. clicmd:: [no] bgp suppress-duplicates
+
+ For example, BGP routers can generate multiple identical announcements with
+ empty community attributes if stripped at egress. This is an undesired behavior.
+ Suppress duplicate updates if the route actually not changed.
+ Default: enabled.
+
Disable checking if nexthop is connected on EBGP sessions
---------------------------------------------------------
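Review bot: The description of "bgp suppress-duplicates" opens with "For example," before saying what the command does, and "if the route actually not changed" is missing a verb. Start with the behaviour (suppress an UPDATE when the route has not actually changed), then give the stripped-community case as the example, and state what "no bgp suppress-duplicates" results in.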
@@ -469,28 +511,57 @@ Disable checking if nexthop is connected on EBGP sessions
Route Flap Dampening
--------------------
-.. clicmd:: bgp dampening (1-45) (1-20000) (1-20000) (1-255)
+.. index:: [no] bgp dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+.. clicmd:: [no] bgp dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+
+ This command enables (with optionally specified dampening parameters) or
+ disables route-flap dampening for all routes of a BGP instance.
- This command enables BGP route-flap dampening and specifies dampening parameters.
+.. index:: [no] neighbor PEER dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+.. clicmd:: [no] neighbor PEER dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+
+ This command enables (with optionally specified dampening parameters) or
+ disables route-flap dampening for all routes learned from a BGP peer.
+
+.. index:: [no] neighbor GROUP dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+.. clicmd:: [no] neighbor GROUP dampening [(1-45) [(1-20000) (1-20000) (1-255)]]
+
+ This command enables (with optionally specified dampening parameters) or
+ disables route-flap dampening for all routes learned from peers of a peer
+ group.
half-life
- Half-life time for the penalty
+ Half-life time for the penalty in minutes (default value: 15).
reuse-threshold
- Value to start reusing a route
+ Value to start reusing a route (default value: 750).
suppress-threshold
- Value to start suppressing a route
+ Value to start suppressing a route (default value: 2000).
max-suppress
- Maximum duration to suppress a stable route
+ Maximum duration to suppress a stable route in minutes (default value:
+ 60).
The route-flap damping algorithm is compatible with :rfc:`2439`. The use of
- this command is not recommended nowadays.
+ these commands is not recommended nowadays.
At the moment, route-flap dampening is not working per VRF and is working only
for IPv4 unicast and multicast.
+ With different parameter sets configurable for BGP instances, peer groups and
+ peers, the active dampening profile for a route is chosen on the fly,
+ allowing for various changes in configuration (i.e. peer group memberships)
+ during runtime. The parameter sets are taking precedence in the following
+ order:
+
+ 1. Peer
+ 2. Peer group
+ 3. BGP instance
+
+ The negating commands do not allow to exclude a peer/peer group from a peer
+ group/BGP instances configuration.
+
.. seealso::
https://www.ripe.net/publications/docs/ripe-378
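Review bot: The closing sentence "The negating commands do not allow to exclude a peer/peer group from a peer group/BGP instances configuration." is hard to parse; say directly that a "no neighbor ... dampening" only removes that peer's or group's own parameter set and the route then falls back to the next profile in the precedence list. The three new ".. index::" entries keep "[no]" while other hunks in this patch strip it from index lines (neighbor PEER timers delayopen, bgp send-extra-data zebra), and "(i.e. peer group memberships)" should be "e.g.".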
@@ -798,6 +869,38 @@ The following functionality is provided by graceful restart:
<--------------------------------------------------------------------->
+.. _bgp-GR-preserve-forwarding-state:
+
+BGP-GR Preserve-Forwarding State
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+BGP OPEN message carrying optional capabilities for Graceful Restart has
+8 bit “Flags for Address Family” for given AFI and SAFI. This field contains
+bit flags relating to routes that were advertised with the given AFI and SAFI.
+
+.. code-block:: frr
+
+ 0 1 2 3 4 5 6 7
+ +-+-+-+-+-+-+-+-+
+ |F| Reserved |
+ +-+-+-+-+-+-+-+-+
+
+The most significant bit is defined as the Forwarding State (F) bit, which
+can be used to indicate whether the forwarding state for routes that were
+advertised with the given AFI and SAFI has indeed been preserved during the
+previous BGP restart. When set (value 1), the bit indicates that the
+forwarding state has been preserved.
+The remaining bits are reserved and MUST be set to zero by the sender and
+ignored by the receiver.
+
+.. index:: bgp graceful-restart preserve-fw-state
+.. clicmd:: bgp graceful-restart preserve-fw-state
+
+FRR gives us the option to enable/disable the "F" flag using this specific
+vty command. However, it doesn't have the option to enable/disable
+this flag only for specific AFI/SAFI i.e. when this command is used, it
+applied to all the supported AFI/SAFI combinations for this peer.
+
.. _bgp-end-of-rib-message:
End-of-RIB (EOR) message
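Review bot: The paragraph under ".. clicmd:: bgp graceful-restart preserve-fw-state" is not indented, so it will not be rendered as the body of the command entry; indent it like the other clicmd descriptions in this file. The bit-layout diagram is tagged ".. code-block:: frr" although it is not FRR configuration, so use a plain literal block. In the last sentence "it applied" should be "it applies", and since the F bit is then set for every AFI/SAFI regardless, it is worth stating that the operator is responsible for the forwarding state actually being preserved.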
@@ -851,6 +954,19 @@ However, it MUST defer route selection for an address family until it either.
This is command, will set the time for which stale routes are kept in RIB.
+.. index:: bgp graceful-restart stalepath-time (1-4095)
+.. clicmd:: bgp graceful-restart stalepath-time (1-4095)
+
+ This is command, will set the max time (in seconds) to hold onto
+ restarting peer's stale paths.
+
+ It also controls Enhanced Route-Refresh timer.
+
+ If this command is configured and the router does not receive a Route-Refresh EoRR
+ message, the router removes the stale routes from the BGP table after the timer
+ expires. The stale path timer is started when the router receives a Route-Refresh
+ BoRR message.
+
.. _bgp-per-peer-graceful-restart:
BGP Per Peer Graceful Restart
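Review bot: The unchanged line directly above this addition already reads "This is command, will set the time for which stale routes are kept in RIB", so please check that this does not add a second entry for the same stalepath-time command; if it does, merge the Enhanced Route-Refresh text into the existing entry. The new text repeats the "This is command, will set" wording and uses BoRR and EoRR without expanding them; a reference to :rfc:`7313`, which this patch adds to overview.rst, would cover that.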
@@ -1372,6 +1488,9 @@ Configuring Peers
directly connected and this knob is not enabled, the session will not
establish.
+ If the peer's IP address is not in the RIB and is reachable via the
+ default route, then you have to enable ``ip nht resolve-via-default``.
+
.. index:: neighbor PEER description ...
.. clicmd:: [no] neighbor PEER description ...
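Review bot: The added sentence names ``ip nht resolve-via-default`` without saying where it is configured. Reference it with the :clicmd: role, as this file does for :clicmd:`show bgp`, so the reader lands on the command's own entry.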
@@ -1596,7 +1715,7 @@ Configuring Peers
peer in question. This number is between 0 and 600 seconds,
with the default advertisement interval being 0.
-.. index:: [no] neighbor PEER timers delayopen (1-240)
+.. index:: neighbor PEER timers delayopen (1-240)
.. clicmd:: [no] neighbor PEER timers delayopen (1-240)
This command allows the user enable the
@@ -1871,9 +1990,9 @@ is 4 octet long. The following format is used to define the community value.
``0xFFFF029A`` ``65535:666``. :rfc:`7999` documents sending prefixes to
EBGP peers and upstream for the purpose of blackholing traffic.
Prefixes tagged with the this community should normally not be
- re-advertised from neighbors of the originating network. It is
- recommended upon receiving prefixes tagged with this community to
- add ``NO_EXPORT`` and ``NO_ADVERTISE``.
+ re-advertised from neighbors of the originating network. Upon receiving
+ ``BLACKHOLE`` community from a BGP speaker, ``NO_ADVERTISE`` community
+ is added automatically.
``no-export``
``no-export`` represents well-known communities value ``NO_EXPORT``
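Review bot: The replaced text recommended adding both ``NO_EXPORT`` and ``NO_ADVERTISE``; the new text only says ``NO_ADVERTISE`` is added automatically and no longer mentions ``NO_EXPORT``. Say explicitly whether operators are still expected to add ``NO_EXPORT`` in their own policy, otherwise a reader may assume the automatic behaviour covers what the old recommendation did. The unchanged "tagged with the this community" just above could be fixed in the same change.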
@@ -2644,11 +2763,11 @@ Ethernet Segments
An Ethernet Segment can be configured by specifying a system-MAC and a
local discriminatior against the bond interface on the PE (via zebra) -
-.. index:: evpn mh es-id [(1-16777215)$es_lid]
-.. clicmd:: [no] evpn mh es-id [(1-16777215)$es_lid]
+.. index:: evpn mh es-id (1-16777215)
+.. clicmd:: [no] evpn mh es-id (1-16777215)
-.. index:: evpn mh es-sys-mac [X:X:X:X:X:X$mac]
-.. clicmd:: [no$no] evpn mh es-sys-mac [X:X:X:X:X:X$mac]
+.. index:: evpn mh es-sys-mac X:X:X:X:X:X
+.. clicmd:: [no] evpn mh es-sys-mac X:X:X:X:X:X
The sys-mac and local discriminator are used for generating a 10-byte,
Type-3 Ethernet Segment ID.
@@ -2671,8 +2790,8 @@ forward BUM traffic received via the overlay network. This implementation
uses a preference based DF election specified by draft-ietf-bess-evpn-pref-df.
The DF preference is configurable per-ES (via zebra) -
-.. index:: evpn mh es-df-pref [(1-16777215)$df_pref]
-.. clicmd:: [no] evpn mh es-df-pref [(1-16777215)$df_pref]
+.. index:: evpn mh es-df-pref (1-16777215)
+.. clicmd:: [no] evpn mh es-df-pref (1-16777215)
BUM traffic is rxed via the overlay by all PEs attached to a server but
only the DF can forward the de-capsulated traffic to the access port. To
@@ -2682,6 +2801,20 @@ the traffic.
Similarly traffic received from ES peers via the overlay cannot be forwarded
to the server. This is split-horizon-filtering with local bias.
+Knobs for interop
+"""""""""""""""""
+Some vendors do not send EAD-per-EVI routes. To interop with them we
+need to relax the dependency on EAD-per-EVI routes and activate a remote
+ES-PE based on just the EAD-per-ES route.
+
+Note that by default we advertise and expect EAD-per-EVI routes.
+
+.. index:: disable-ead-evi-rx
+.. clicmd:: [no] disable-ead-evi-rx
+
+.. index:: disable-ead-evi-tx
+.. clicmd:: [no] disable-ead-evi-tx
+
Fast failover
"""""""""""""
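Review bot: The two new entries, "disable-ead-evi-rx" and "disable-ead-evi-tx", have no description body and the section does not say under which configuration they are entered, while the neighbouring sections state "(via zebra)" or "via the following BGP config". Add one sentence per command saying what is relaxed on receive and what stops being advertised on transmit, and name the config node.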
As the primary purpose of EVPN-MH is redundancy keeping the failover efficient
@@ -2695,14 +2828,14 @@ been introduced for the express purpose of efficient ES failovers.
on via the following BGP config -
.. index:: use-es-l3nhg
-.. clicmd:: [no$no] use-es-l3nhg
+.. clicmd:: [no] use-es-l3nhg
- Local ES (MAC/Neigh) failover via ES-redirect.
On dataplanes that do not have support for ES-redirect the feature can be
turned off via the following zebra config -
.. index:: evpn mh redirect-off
-.. clicmd:: [no$no] evpn mh redirect-off
+.. clicmd:: [no] evpn mh redirect-off
Uplink/Core tracking
""""""""""""""""""""
@@ -2723,11 +2856,11 @@ the ES peer (PE2) goes down PE1 continues to advertise hosts learnt from PE2
for a holdtime during which it attempts to establish local reachability of
the host. This holdtime is configurable via the following zebra commands -
-.. index:: evpn mh neigh-holdtime (0-86400)$duration
-.. clicmd:: [no$no] evpn mh neigh-holdtime (0-86400)$duration
+.. index:: evpn mh neigh-holdtime (0-86400)
+.. clicmd:: [no] evpn mh neigh-holdtime (0-86400)
-.. index:: evpn mh mac-holdtime (0-86400)$duration
-.. clicmd:: [no$no] evpn mh mac-holdtime (0-86400)$duration
+.. index:: evpn mh mac-holdtime (0-86400)
+.. clicmd:: [no] evpn mh mac-holdtime (0-86400)
Startup delay
"""""""""""""
@@ -2736,8 +2869,8 @@ and EVPN network to converge before enabling the ESs. For this duration the
ES bonds are held protodown. The startup delay is configurable via the
following zebra command -
-.. index:: evpn mh startup-delay(0-3600)$duration
-.. clicmd:: [no] evpn mh startup-delay(0-3600)$duration
+.. index:: evpn mh startup-delay (0-3600)
+.. clicmd:: [no] evpn mh startup-delay (0-3600)
+Support with VRF network namespace backend
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
@@ -3199,8 +3332,8 @@ Some other commands provide additional options for filtering the output.
This command displays BGP routes using AS path regular expression
(:ref:`bgp-regular-expressions`).
-.. index:: show [ip] bgp [all] summary [json]
-.. clicmd:: show [ip] bgp [all] summary [json]
+.. index:: show [ip] bgp [all] summary [wide] [json]
+.. clicmd:: show [ip] bgp [all] summary [wide] [json]
Show a bgp peer summary for the specified address family.
@@ -3209,6 +3342,25 @@ and should no longer be used. In order to reach the other BGP routing tables
other than the IPv6 routing table given by :clicmd:`show bgp`, the new command
structure is extended with :clicmd:`show bgp [afi] [safi]`.
+``wide`` option gives more output like ``LocalAS`` and extended ``Desc`` to
+64 characters.
+
+ .. code-block:: frr
+
+ exit1# show ip bgp summary wide
+
+ IPv4 Unicast Summary:
+ BGP router identifier 192.168.100.1, local AS number 65534 vrf-id 0
+ BGP table version 3
+ RIB entries 5, using 920 bytes of memory
+ Peers 1, using 27 KiB of memory
+
+ Neighbor V AS LocalAS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd PfxSnt Desc
+ 192.168.0.2 4 65030 123 15 22 0 0 0 00:07:00 0 1 us-east1-rs1.frrouting.org
+
+ Total number of neighbors 1
+ exit1#
+
.. index:: show bgp [afi] [safi] [all] [wide|json]
.. clicmd:: show bgp [afi] [safi] [all] [wide|json]
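Review bot: The ``wide`` paragraph and its sample output are added after the text about :clicmd:`show bgp [afi] [safi]`, not under the "show [ip] bgp [all] summary [wide] [json]" entry that the previous hunk changes, so the option is described away from the command it belongs to. Move it into that entry's body. "gives more output like ``LocalAS`` and extended ``Desc`` to 64 characters" would be clearer as "adds the ``LocalAS`` column and extends ``Desc`` to 64 characters".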
@@ -3341,6 +3493,32 @@ attribute.
If ``json`` option is specified, output is displayed in JSON format.
+.. index:: show bgp labelpool <chunks|inuse|ledger|requests|summary> [json]
+.. clicmd:: show bgp labelpool <chunks|inuse|ledger|requests|summary> [json]
+
+ These commands display information about the BGP labelpool used for
+ the association of MPLS labels with routes for L3VPN and Labeled Unicast
+
+ If ``chunks`` option is specified, output shows the current list of label
+ chunks granted to BGP by Zebra, indicating the start and end label in
+ each chunk
+
+ If ``inuse`` option is specified, output shows the current inuse list of
+ label to prefix mappings
+
+ If ``ledger`` option is specified, output shows ledger list of all
+ label requests made per prefix
+
+ If ``requests`` option is specified, output shows current list of label
+ requests which have not yet been fulfilled by the labelpool
+
+ If ``summary`` option is specified, output is a summary of the counts for
+ the chunks, inuse, ledger and requests list along with the count of
+ outstanding chunk requests to Zebra and the nummber of zebra reconnects
+ that have happened
+
+ If ``json`` option is specified, output is displayed in JSON format.
+
.. _bgp-display-routes-by-lcommunity:
Displaying Routes by Large Community Attribute
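Review bot: "nummber" in the ``summary`` paragraph is a typo, and none of the option paragraphs except the last ends with a full stop. "Zebra" and "zebra" are both used within this entry; pick one.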
@@ -3470,10 +3648,10 @@ starting the daemon and the configuration gets saved, the option will persist
unless removed from the configuration with the negating command prior to the
configuration write operation.
-.. index:: [no] bgp send-extra-data zebra
+.. index:: bgp send-extra-data zebra
.. clicmd:: [no] bgp send-extra-data zebra
- This Command turns off the ability of BGP to send extra data to zebra.
+This Command turns off the ability of BGP to send extra data to zebra.
In this case it's the AS-Path being used for the path. The default behavior
in BGP is to send this data and to turn it off enter the no form of the command.
If extra data was sent to zebra, and this command is turned on there is no
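Review bot: The changed line removes the indentation from "This Command turns off the ability of BGP to send extra data to zebra.", which takes the sentence out of the ".. clicmd::" body while the rest of the description stays in it. Keep the original indentation; if the intent was only to touch this line, "Command" could be lower-cased instead.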
diff --git a/doc/user/fabricd.rst b/doc/user/fabricd.rst
index a74d3e098b..17a51ccb3c 100644
--- a/doc/user/fabricd.rst
+++ b/doc/user/fabricd.rst
@@ -57,6 +57,19 @@ in the configuration:
Configure the authentication password for a domain, as clear text or md5 one.
+.. index:: attached-bit [receive ignore | send]
+.. clicmd:: attached-bit [receive ignore | send]
+
+.. index:: attached-bit
+.. clicmd:: no attached-bit
+
+ Set attached bit for inter-area traffic:
+
+ - receive
+ If LSP received with attached bit set, create default route to neighbor
+ - send
+ If L1|L2 router, set attached bit in LSP sent to L1 router
+
.. index:: log-adjacency-changes
.. clicmd:: log-adjacency-changes
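Review bot: The syntax line offers "receive ignore", but the bullet for "receive" describes creating a default route when an LSP arrives with the attached bit set, which reads as the opposite of ignoring it. State which behaviour "attached-bit receive ignore" selects and which is the default, since the difference is whether a neighbor's LSP can install a default route on this router.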
@@ -64,7 +77,7 @@ in the configuration:
.. clicmd:: no log-adjacency-changes
Log changes in adjacency state.
-
+
.. index:: set-overload-bit
.. clicmd:: set-overload-bit
diff --git a/doc/user/index.rst b/doc/user/index.rst
index 8ac997f8dd..7b9464668b 100644
--- a/doc/user/index.rst
+++ b/doc/user/index.rst
@@ -29,6 +29,7 @@ Basics
ipv6
kernel
snmp
+ scripting
.. modules
#########
@@ -50,6 +51,7 @@ Protocols
nhrpd
ospfd
ospf6d
+ pathd
pim
pbr
ripd
diff --git a/doc/user/installation.rst b/doc/user/installation.rst
index 382d71b71f..a13e6ce43b 100644
--- a/doc/user/installation.rst
+++ b/doc/user/installation.rst
@@ -362,6 +362,10 @@ options from the list below.
Set hardcoded rpaths in the executable [default=yes].
+.. option:: --enable-scripting
+
+ Enable Lua scripting [default=no].
+
You may specify any combination of the above options to the configure
script. By default, the executables are placed in :file:`/usr/local/sbin`
and the configuration files in :file:`/usr/local/etc`. The :file:`/usr/local/`
@@ -382,6 +386,10 @@ options to the configuration script.
Configure zebra to use `dir` for local state files, such as pid files and
unix sockets.
+.. option:: --with-scriptdir <dir>
+
+ Look for Lua scripts in ``dir`` [``prefix``/etc/frr/scripts].
+
.. option:: --with-yangmodelsdir <dir>
Look for YANG modules in `dir` [`prefix`/share/yang]. Note that the FRR
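Review bot: "--with-scriptdir" only says where Lua scripts are looked for; since this patch also adds --enable-scripting and a scripting chapter, link to that chapter here and note the expected ownership and permissions of the directory, because anything placed there is loaded by the daemons. The entry uses double backticks for ``dir`` and ``prefix`` while the neighbouring options use single backticks; follow one convention.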
diff --git a/doc/user/isisd.rst b/doc/user/isisd.rst
index f991e3f073..352701728d 100644
--- a/doc/user/isisd.rst
+++ b/doc/user/isisd.rst
@@ -72,6 +72,19 @@ writing, *isisd* does not support multiple ISIS processes.
Configure the authentication password for an area, respectively a domain, as
clear text or md5 one.
+.. index:: attached-bit [receive ignore | send]
+.. clicmd:: attached-bit [receive ignore | send]
+
+.. index:: attached-bit
+.. clicmd:: no attached-bit
+
+ Set attached bit for inter-area traffic:
+
+ - receive
+ If LSP received with attached bit set, create default route to neighbor
+ - send
+ If L1|L2 router, set attached bit in LSP sent to L1 router
+
.. index:: log-adjacency-changes
.. clicmd:: log-adjacency-changes
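Review bot: The "no attached-bit" entry is listed without saying what state it returns to, and the body does not give the default for either direction. Add a "Default:" sentence and say whether "no attached-bit" resets both receive and send. The body is the same text that is added to fabricd.rst, so any wording fix needs to be applied in both files.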
@@ -204,6 +217,12 @@ ISIS Fast-Reroute
Disable load sharing across multiple LFA backups.
+.. index:: fast-reroute remote-lfa prefix-list WORD [level-1 | level-2]
+.. clicmd:: [no] fast-reroute remote-lfa prefix-list [WORD] [level-1 | level-2]
+
+ Configure a prefix-list to select eligible PQ nodes (valid for all protected
+ interfaces).
+
.. _isis-region:
ISIS region
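Review bot: The ".. index::" line has "prefix-list WORD" while the ".. clicmd::" line has "prefix-list [WORD]", so the two disagree on whether the prefix-list name is optional. Make them match the actual command definition.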
@@ -400,6 +419,18 @@ ISIS interface
Enable per-prefix TI-LFA fast reroute link or node protection.
+.. index:: isis fast-reroute remote-lfa tunnel mpls-ldp [level-1 | level-2]
+.. clicmd:: [no] isis fast-reroute remote-lfa tunnel mpls-ldp [level-1 | level-2]
+
+ Enable per-prefix Remote LFA fast reroute link protection. Note that other
+ routers in the network need to be configured to accept LDP targeted hello
+ messages in order for RLFA to work.
+
+.. index:: isis fast-reroute remote-lfa maximum-metric (1-16777215) [level-1 | level-2]
+.. clicmd:: [no] isis fast-reroute remote-lfa maximum-metric (1-16777215) [level-1 | level-2]
+
+ Limit Remote LFA PQ node selection within the specified metric.
+
.. _showing-isis-information:
Showing ISIS information
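Review bot: "other routers in the network need to be configured to accept LDP targeted hello messages" does not say which setting that is or where it lives. Reference the relevant ldpd command so the reader can find it, and mention that accepting targeted hellos should be limited to the routers that can be chosen as PQ nodes rather than enabled for any source.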
diff --git a/doc/user/nhrpd.rst b/doc/user/nhrpd.rst
index 9caeb0eedb..65645c519d 100644
--- a/doc/user/nhrpd.rst
+++ b/doc/user/nhrpd.rst
@@ -180,14 +180,15 @@ Integration with IKE
nhrpd needs tight integration with IKE daemon for various reasons.
Currently only strongSwan is supported as IKE daemon.
-nhrpd connects to strongSwan using VICI protocol based on UNIX socket
-(hardcoded now as /var/run/charon.vici).
+nhrpd connects to strongSwan using VICI protocol based on UNIX socket which
+can be configured using the command below (default to /var/run/charon.vici).
strongSwan currently needs few patches applied. Please check out the
-https://git.alpinelinux.org/user/tteras/strongswan/log/?h=tteras-release
-and
-https://git.alpinelinux.org/user/tteras/strongswan/log/?h=tteras
-git repositories for the patches.
+original patches at:
+https://git-old.alpinelinux.org/user/tteras/strongswan/
+
+Actively maintained patches are also available at:
+https://gitlab.alpinelinux.org/alpine/aports/-/tree/master/main/strongswan
.. _nhrp-events:
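Review bot: The new sentence says the VICI socket "can be configured using the command below", but no command follows; the next lines go straight to the strongSwan patches. Add the clicmd entry for the socket path after this paragraph or reword the sentence. "default to /var/run/charon.vici" should be "defaults to".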
diff --git a/doc/user/ospf6d.rst b/doc/user/ospf6d.rst
index 4f0ff90943..99119bb7e5 100644
--- a/doc/user/ospf6d.rst
+++ b/doc/user/ospf6d.rst
@@ -83,6 +83,12 @@ OSPF6 router
This configuration setting MUST be consistent across all routers
within the OSPF domain.
+.. index:: maximum-paths (1-64)
+.. clicmd::[no] maximum-paths (1-64)
+
+ Use this command to control the maximum number of parallel routes that
+ OSPFv3 can support. The default is 64.
+
.. _ospf6-area:
OSPF6 area
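Review bot: ".. clicmd::[no] maximum-paths (1-64)" is missing the space after "::", so the line will not be parsed as a directive and the description below it will not be attached to a command entry. It should read ".. clicmd:: [no] maximum-paths (1-64)".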
@@ -170,10 +176,34 @@ Showing OSPF6 information
instance ID, simply type "show ipv6 ospf6 <cr>". JSON output can be
obtained by appending 'json' to the end of command.
-.. index:: show ipv6 ospf6 database
-.. clicmd:: show ipv6 ospf6 database
+.. index:: show ipv6 ospf6 database [<detail|dump|internal>] [json]
+.. clicmd:: show ipv6 ospf6 database [<detail|dump|internal>] [json]
+
+ This command shows LSAs present in the LSDB. There are three view options.
+ These options helps in viewing all the parameters of the LSAs. JSON output
+ can be obtained by appending 'json' to the end of command. JSON option is
+ not applicable with 'dump' option.
+
+.. index:: show ipv6 ospf6 database <router|network|inter-prefix|inter-router|as-external|group-membership|type-7|link|intra-prefix> [json]
+.. clicmd:: show ipv6 ospf6 database <router|network|inter-prefix|inter-router|as-external|group-membership|type-7|link|intra-prefix> [json]
+
+ These options filters out the LSA based on its type. The three views options
+ works here as well. JSON output can be obtained by appending 'json' to the
+ end of command.
+
+.. index:: show ipv6 ospf6 database adv-router A.B.C.D linkstate-id A.B.C.D [json]
+.. clicmd:: show ipv6 ospf6 database adv-router A.B.C.D linkstate-id A.B.C.D [json]
+
+ The LSAs additinally can also be filtered with the linkstate-id and
+ advertising-router fields. We can use the LSA type filter and views with
+ this command as well and visa-versa. JSON output can be obtained by
+ appending 'json' to the end of command.
- This command shows LSA database summary. You can specify the type of LSA.
+.. index:: show ipv6 ospf6 database self-originated [json]
+.. clicmd:: show ipv6 ospf6 database self-originated [json]
+
+ This command is used to filter the LSAs which are originated by the present
+ router. All the other filters are applicable here as well.
.. index:: show ipv6 ospf6 interface [json]
.. clicmd:: show ipv6 ospf6 interface [json]
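Review bot: Several wording errors in the added descriptions: "These options helps", "These options filters", "The three views options works", "additinally" and "visa-versa" (vice versa). The removed sentence "This command shows LSA database summary. You can specify the type of LSA." was also the only place that said the plain command prints a summary; keep that statement in the first entry and say what detail, dump and internal each show.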
@@ -216,6 +246,28 @@ Showing OSPF6 information
Shows the routes which are redistributed by the router. JSON output can
be obtained by appending 'json' at the end.
+.. index:: show ipv6 ospf6 route [<intra-area|inter-area|external-1|external-2|X:X::X:X|X:X::X:X/M|detail|summary>] [json]
+.. clicmd:: show ipv6 ospf6 route [<intra-area|inter-area|external-1|external-2|X:X::X:X|X:X::X:X/M|detail|summary>] [json]
+
+ This command displays the ospfv3 routing table as determined by the most
+ recent SPF calculations. Options are provided to view the different types
+ of routes. Other than the standard view there are two other options, detail
+ and summary. JSON output can be obtained by appending 'json' to the end of
+ command.
+
+.. index:: show ipv6 ospf6 route X:X::X:X/M match [detail] [json]
+.. clicmd:: show ipv6 ospf6 route X:X::X:X/M match [detail] [json]
+
+ The additional match option will match the given address to the destination
+ of the routes, and return the result accordingly.
+
+.. index:: show ipv6 ospf6 interface [IFNAME] prefix [detail|<X:X::X:X|X:X::X:X/M> [<match|detail>]] [json]
+.. clicmd:: show ipv6 ospf6 interface [IFNAME] prefix [detail|<X:X::X:X|X:X::X:X/M> [<match|detail>]] [json]
+
+ This command shows the prefixes present in the interface routing table.
+ Interface name can also be given. JSON output can be obtained by appending
+ 'json' to the end of command.
+
OSPF6 Configuration Examples
============================
diff --git a/doc/user/ospfd.rst b/doc/user/ospfd.rst
index cbde0fd46f..ee02a9dae5 100644
--- a/doc/user/ospfd.rst
+++ b/doc/user/ospfd.rst
@@ -322,6 +322,23 @@ To start OSPF process you have to specify the OSPF router.
This feature is enabled by default.
+.. index:: clear ip ospf [(1-65535)] process
+.. clicmd:: clear ip ospf [(1-65535)] process
+
+ This command can be used to clear the ospf process data structures. This
+ will clear the ospf neighborship as well and it will get re-established.
+ This will clear the LSDB too. This will be helpful when there is a change
+ in router-id and if user wants the router-id change to take effect, user can
+ use this cli instead of restarting the ospfd daemon.
+
+.. index:: clear ip ospf [(1-65535)] neighbor
+.. clicmd:: clear ip ospf [(1-65535)] neighbor
+
+ This command can be used to clear the ospf neighbor data structures. This
+ will clear the ospf neighborship and it will get re-established. This
+ command can be used when the neighbor state get stuck at some state and
+ this can be used to recover it from that state.
+
.. _ospf-area:
Areas
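Review bot: Neither "clear ip ospf [(1-65535)] process" nor "clear ip ospf [(1-65535)] neighbor" explains the optional (1-65535) argument; say that it selects the OSPF instance and what happens when it is omitted. Both descriptions say the adjacencies are torn down and re-established, so state plainly that forwarding through this router is disrupted until they come back. "this cli" should be "this command" and "get stuck" should be "gets stuck".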
@@ -1216,6 +1233,20 @@ Summary Route will be originated on-behalf of all matched external LSAs.
Show configuration for display all configured summary routes with
matching external LSA information.
+TI-LFA
+======
+
+Experimental support for Topology Independent LFA (Loop-Free Alternate), see
+for example 'draft-bashandy-rtgwg-segment-routing-ti-lfa-05'. Note that
+TI-LFA requires a proper Segment Routing configuration.
+
+.. index:: fast-reroute ti-lfa [node-protection]
+.. clicmd:: fast-reroute ti-lfa [node-protection]
+
+ Configured on the router level. Activates TI-LFA for all interfaces.
+
+ Note that so far only P2P interfaces are supported.
+
Debugging OSPF
==============
diff --git a/doc/user/overview.rst b/doc/user/overview.rst
index a2ce67068f..f67698e404 100644
--- a/doc/user/overview.rst
+++ b/doc/user/overview.rst
@@ -321,6 +321,8 @@ BGP
:t:`The Resource Public Key Infrastructure (RPKI) to Router Protocol. R. Bush, R. Austein. January 2013.`
- :rfc:`6811`
:t:`BGP Prefix Origin Validation. P. Mohapatra, J. Scudder, D. Ward, R. Bush, R. Austein. January 2013.`
+- :rfc:`7313`
+ :t:`Enhanced Route Refresh Capability for BGP-4. K. Patel, E. Chen, B. Venkatachalapathy. July 2014.`
- :rfc:`7606`
:t:`Revised Error Handling for BGP UPDATE Messages. E. Chen, J. Scudder, P. Mohapatra, K. Patel. August 2015.`
- :rfc:`7607`
diff --git a/doc/user/pathd.rst b/doc/user/pathd.rst
new file mode 100644
index 0000000000..0815a6c414
--- /dev/null
+++ b/doc/user/pathd.rst
@@ -0,0 +1,443 @@
+.. _path:
+
+****
+PATH
+****
+
+:abbr:`PATH` is a daemon that handles the installation and deletion
+of Segment Routing (SR) Policies.
+
+
+.. _starting-path:
+
+Starting PATH
+=============
+
+Default configuration file for *pathd* is :file:`pathd.conf`. The typical
+location of :file:`pathd.conf` is |INSTALL_PREFIX_ETC|/pathd.conf.
+
+If the user is using integrated config, then :file:`pathd.conf` need not be
+present and the :file:`frr.conf` is read instead.
+
+.. program:: pathd
+
+:abbr:`PATH` supports all the common FRR daemon start options which are
+documented elsewhere.
+
+
+PCEP Support
+============
+
+To build the PCC for pathd, the externall library `pceplib 1.2 <https://github.com/volta-networks/pceplib/tree/devel-1.2>`_ is required.
+
+To build FRR with support for PCEP the following steps must be followed:
+
+ - Checkout and build pceplib:
+
+```
+$ git clone https://github.com/volta-networks/pceplib
+$ cd pceplib
+$ make
+$ make install
+$ export PCEPLIB_ROOT=$PWD
+```
+
+ - Configure FRR with the extra parameters:
+
+```
+--enable-pcep LDFLAGS="-L${PCEPLIB_ROOT}/install/lib" CPPFLAGS="-I${PCEPLIB_ROOT}/install/include"
+```
+
+To start pathd with pcep support the extra parameter `-M pathd_pcep` should be
+passed to the pathd daemon.
+
+
+Pathd Configuration
+===================
+
+Example:
+
+.. code-block:: frr
+
+ debug pathd pcep basic
+ segment-routing
+ traffic-eng
+ segment-list SL1
+ index 10 mpls label 16010
+ index 20 mpls label 16030
+ !
+ policy color 1 endpoint 1.1.1.1
+ name default
+ binding-sid 4000
+ candidate-path preference 100 name CP1 explicit segment-list SL1
+ candidate-path preference 200 name CP2 dynamic
+ affinity include-any 0x000000FF
+ bandwidth 100000
+ metric bound msd 16 required
+ metric te 10
+ objective-function mcp required
+ !
+ pcep
+ pce-config GROUP1
+ source-address 1.1.1.1
+ tcp-md5-auth secret
+ timer keep-alive 30
+ !
+ pce PCE1
+ config GROUP1
+ address ip 10.10.10.10
+ !
+ pce PCE2
+ config GROUP1
+ address ip 9.9.9.9
+ !
+ pcc
+ peer PCE1 precedence 10
+ peer PCE2 precedence 20
+ !
+ !
+ !
+ !
+
+
+.. _path-commands:
+
+Configuration Commands
+----------------------
+
+.. index:: segment-routing
+.. clicmd:: segment-routing
+
+ Configure segment routing.
+
+.. index:: traffic-eng
+.. clicmd:: traffic-eng
+
+ Configure segment routing traffic engineering.
+
+.. index:: segment-list NAME
+.. clicmd:: [no] segment-list NAME
+
+ Delete or start a segment list definition.
+
+
+.. index:: index INDEX mpls label LABEL [nai node ADDRESS]
+.. clicmd:: [no] index INDEX mpls label LABEL [nai node ADDRESS]
+
+ Delete or specify a segment in a segment list definition.
+
+
+.. index:: policy color COLOR endpoint ENDPOINT
+.. clicmd:: [no] policy color COLOR endpoint ENDPOINT
+
+ Delete or start a policy definition.
+
+
+.. index:: name NAME
+.. clicmd:: name NAME
+
+ Specify the policy name.
+
+
+.. index:: binding-sid LABEL
+.. clicmd:: binding-sid LABEL
+
+ Specify the policy SID.
+
+
+.. index:: candidate-path preference PREFERENCE name NAME explicit segment-list SEGMENT-LIST-NAME
+.. clicmd:: [no] candidate-path preference PREFERENCE name NAME explicit segment-list SEGMENT-LIST-NAME
+
+ Delete or define an explicit candidate path.
+
+
+.. index:: candidate-path preference PREFERENCE name NAME dynamic
+.. clicmd:: [no] candidate-path preference PREFERENCE name NAME dynamic
+
+ Delete or start a dynamic candidate path definition.
+
+
+.. index:: affinity {exclude-any|include-any|include-all} BITPATTERN
+.. clicmd:: [no] affinity {exclude-any|include-any|include-all} BITPATTERN
+
+ Delete or specify an affinity constraint for a dynamic candidate path.
+
+
+.. index:: bandwidth BANDWIDTH [required]
+.. clicmd:: [no] bandwidth BANDWIDTH [required]
+
+ Delete or specify a bandwidth constraint for a dynamic candidate path.
+
+
+.. index:: metric [bound] METRIC VALUE [required]
+.. clicmd:: [no] metric [bound] METRIC VALUE [required]
+
+ Delete or specify a metric constraint for a dynamic candidate path.
+
+ The possible metrics are:
+ - igp: IGP metric
+ - te: TE metric
+ - hc: Hop Counts
+ - abc: Aggregate bandwidth consumption
+ - mll: Load of the most loaded link
+ - igp: Cumulative IGP cost
+ - cte: Cumulative TE cost
+ - igp: P2MP IGP metric
+ - pte: P2MP TE metric
+ - phc: P2MP hop count metric
+ - msd: Segment-ID (SID) Depth
+ - pd: Path Delay metric
+ - pdv: Path Delay Variation metric
+ - pl: Path Loss metric
+ - ppd: P2MP Path Delay metric
+ - pdv: P2MP Path Delay variation metric
+ - ppl: P2MP Path Loss metric
+ - nap: Number of adaptations on a path
+ - nlp: Number of layers on a path
+ - dc: Domain Count metric
+ - bnc: Border Node Count metric
+
+
+.. index:: objective-function OBJFUN1 [required]
+.. clicmd:: [no] objective-function OBJFUN1 [required]
+
+ Delete or specify a PCEP objective function constraint for a dynamic
+ candidate path.
+
+ The possible functions are:
+ - mcp: Minimum Cost Path [RFC5541]
+ - mlp: Minimum Load Path [RFC5541]
+ - mbp: Maximum residual Bandwidth Path [RFC5541]
+ - mbc: Minimize aggregate Bandwidth Consumption [RFC5541]
+ - mll: Minimize the Load of the most loaded Link [RFC5541]
+ - mcc: Minimize the Cumulative Cost of a set of paths [RFC5541]
+ - spt: Shortest Path Tree [RFC8306]
+ - mct: Minimum Cost Tree [RFC8306]
+ - mplp: Minimum Packet Loss Path [RFC8233]
+ - mup: Maximum Under-Utilized Path [RFC8233]
+ - mrup: Maximum Reserved Under-Utilized Path [RFC8233]
+ - mtd: Minimize the number of Transit Domains [RFC8685]
+ - mbn: Minimize the number of Border Nodes [RFC8685]
+ - mctd: Minimize the number of Common Transit Domains [RFC8685]
+ - msl: Minimize the number of Shared Links [RFC8800]
+ - mss: Minimize the number of Shared SRLGs [RFC8800]
+ - msn: Minimize the number of Shared Nodes [RFC8800]
+
+
+.. index:: debug pathd pcep [basic|path|message|pceplib]
+.. clicmd:: [no] debug pathd pcep [basic|path|message|pceplib]
+
+ Enable or disable debugging for the pcep module:
+
+ - basic: Enable basic PCEP logging
+ - path: Log the path structures
+ - message: Log the PCEP messages
+ - pceplib: Enable pceplib logging
+
+
+.. index:: pcep
+.. clicmd:: pcep
+
+ Configure PCEP support.
+
+
+.. index:: cep-config NAME
+.. clicmd:: [no] pce-config NAME
+
+ Define a shared PCE configuration that can be used in multiple PCE
+ declarations.
+
+
+.. index:: pce NAME
+.. clicmd:: [no] pce NAME
+
+ Define or delete a PCE definition.
+
+
+.. index:: config WORD
+.. clicmd:: config WORD
+
+ Select a shared configuration. If not defined, the default
+ configuration will be used.
+
+
+.. index:: address <ip A.B.C.D | ipv6 X:X::X:X> [port (1024-65535)]
+.. clicmd:: address <ip A.B.C.D | ipv6 X:X::X:X> [port (1024-65535)]
+
+ Define the address and port of the PCE.
+
+ If not specified, the port is the standard PCEP port 4189.
+
+ This should be specified in the PCC peer definition.
+
+
+.. index:: source-address [ip A.B.C.D | ipv6 X:X::X:X] [port PORT]
+.. clicmd:: source-address [ip A.B.C.D | ipv6 X:X::X:X] [port PORT]
+
+ Define the address and/or port of the PCC as seen by the PCE.
+ This can be used in a configuration group or a PCC peer declaration.
+
+ If not specified, the source address will be the router identifier selected
+ by zebra, and the port will be the standard PCEP port 4189.
+
+ This can be specified in either the PCC peer definition or in a
+ configuration group.
+
+
+.. index:: tcp-md5-auth WORD
+.. clicmd:: tcp-md5-auth WORD
+
+ Enable TCP MD5 security with the given secret.
+
+ This can be specified in either the PCC peer definition or in a
+ configuration group.
+
+
+.. index:: sr-draft07
+.. clicmd:: sr-draft07
+
+ Specify if a PCE only support segment routing draft 7, this flag will limit
+ the PCC behavior to this draft.
+
+ This can be specified in either the PCC peer definition or in a
+ configuration group.
+
+
+.. index:: pce-initiated
+.. clicmd:: pce-initiated
+
+ Specify if PCE-initiated LSP should be allowed for this PCE.
+
+ This can be specified in either the PCC peer definition or in a
+ configuration group.
+
+
+.. index:: timer [keep-alive (1-63)] [min-peer-keep-alive (1-255)] [max-peer-keep-alive (1-255)] [dead-timer (4-255)] [min-peer-dead-timer (4-255)] [max-peer-dead-timer (4-255)] [pcep-request (1-120)] [session-timeout-interval (1-120)] [delegation-timeout (1-60)]
+.. clicmd:: timer [keep-alive (1-63)] [min-peer-keep-alive (1-255)] [max-peer-keep-alive (1-255)] [dead-timer (4-255)] [min-peer-dead-timer (4-255)] [max-peer-dead-timer (4-255)] [pcep-request (1-120)] [session-timeout-interval (1-120)] [delegation-timeout (1-60)]
+
+ Specify the PCEP timers.
+
+ This can be specified in either the PCC peer definition or in a
+ configuration group.
+
+
+.. index:: pcc
+.. clicmd:: [no] pcc
+
+ Disable or start the definition of a PCC.
+
+
+.. index:: msd (1-32)
+.. clicmd:: msd (1-32)
+
+ Specify the maximum SID depth in a PCC definition.
+
+
+.. index:: peer WORD [precedence (1-255)]
+.. clicmd:: [no] peer WORD [precedence (1-255)]
+
+ Specify a peer and its precedence in a PCC definition.
+
+
+Introspection Commands
+----------------------
+
+.. index:: show sr-te policy [detail]
+.. clicmd:: show sr-te policy [detail]
+
+ Display the segment routing policies.
+
+.. code-block:: frr
+
+ router# show sr-te policy
+
+ Endpoint Color Name BSID Status
+ ------------------------------------------
+ 1.1.1.1 1 default 4000 Active
+
+
+.. code-block:: frr
+
+ router# show sr-te policy detail
+
+ Endpoint: 1.1.1.1 Color: 1 Name: LOW_DELAY BSID: 4000 Status: Active
+ Preference: 100 Name: cand1 Type: explicit Segment-List: sl1 Protocol-Origin: Local
+ * Preference: 200 Name: cand1 Type: dynamic Segment-List: 32453452 Protocol-Origin: PCEP
+
+The asterisk (*) marks the best, e.g. active, candidate path. Note that for segment-lists which are
+retrieved via PCEP a random number based name is generated.
+
+
+.. index:: show debugging pathd
+.. clicmd:: show debugging pathd
+
+ Display the current status of the pathd debugging.
+
+
+.. index:: show debugging pathd-pcep
+.. clicmd:: show debugging pathd-pcep
+
+ Display the current status of the pcep module debugging.
+
+
+.. index:: show sr-te pcep counters
+.. clicmd:: show sr-te pcep counters
+
+ Display the counters from pceplib.
+
+
+.. index:: show sr-te pcep pce-config [NAME]
+.. clicmd:: show sr-te pcep pce-config [NAME]
+
+ Display a shared configuration. if no name is specified, the default
+ configuration will be displayed.
+
+
+.. index:: show sr-te pcep pcc
+.. clicmd:: show sr-te pcep pcc
+
+ Display PCC information.
+
+
+.. index:: show sr-te pcep session [NAME]
+.. clicmd:: show sr-te pcep session [NAME]
+
+ Display the information of a PCEP session, if not name is specified all the
+ sessions will be displayed.
+
+
+Utility Commands
+----------------
+
+.. index:: clear sr-te pcep session [NAME]
+.. clicmd:: clear sr-te pcep session [NAME]
+
+ Reset the pcep session by disconnecting from the PCE and performing the
+ normal reconnection process. No configuration is changed.
+
+
+Usage with BGP route-maps
+=========================
+
+It is possible to steer traffic 'into' a segment routing policy for routes
+learned through BGP using route-maps:
+
+.. code-block:: frr
+
+ route-map SET_SR_POLICY permit 10
+ set sr-te color 1
+ !
+ router bgp 1
+ bgp router-id 2.2.2.2
+ neighbor 1.1.1.1 remote-as 1
+ neighbor 1.1.1.1 update-source lo
+ !
+ address-family ipv4 unicast
+ neighbor 1.1.1.1 next-hop-self
+ neighbor 1.1.1.1 route-map SET_SR_POLICY in
+ redistribute static
+ exit-address-family
+ !
+ !
+
+In this case, the SR Policy with color `1` and endpoint `1.1.1.1` is selected.
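Review bot: The keyword list under `metric [bound] METRIC VALUE [required]` is ambiguous: `igp` is listed three times (IGP metric, Cumulative IGP cost, P2MP IGP metric) and `pdv` twice (Path Delay Variation, P2MP Path Delay variation), so a reader cannot tell which keyword selects the cumulative or P2MP variants. Each entry needs the distinct keyword the CLI actually accepts. Two smaller points in the same file: `.. index:: cep-config NAME` does not match the `pce-config NAME` command it indexes, and the `show sr-te policy detail` sample prints `Name: LOW_DELAY` with both candidate paths named `cand1`, while the configuration example and the non-detail output use `default`, `CP1` and `CP2`.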
diff --git a/doc/user/pbr.rst b/doc/user/pbr.rst
index c869c6bc45..5cec7cbe62 100644
--- a/doc/user/pbr.rst
+++ b/doc/user/pbr.rst
@@ -258,6 +258,21 @@ causes the policy to be installed into the kernel.
| valid | Is the map well-formed? | Boolean |
+--------+----------------------------+---------+
+.. _pbr-debugs:
+
+PBR Debugs
+===========
+
+.. index:: debug pbr
+.. clicmd:: debug pbr events|map|nht|zebra
+
+ Debug pbr in pbrd daemon. You specify what types of debugs to turn on.
+
+.. index:: debug zebra pbr
+.. clicmd:: debug zebra pbr
+
+ Debug pbr in zebra daemon.
+
.. _pbr-details:
PBR Details
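Review bot: The syntax `debug pbr events|map|nht|zebra` leaves the alternatives ungrouped, so it is unclear whether exactly one keyword is required or whether several can be combined. The other commands added in this patch group their choices (`<ip A.B.C.D | ipv6 X:X::X:X>`, `{exclude-any|include-any|include-all}`), so use the same notation here. The `.. index::` entry should carry the same argument list, and a line per keyword saying what each debug type logs would make "You specify what types of debugs to turn on" actionable. Neither entry documents a `[no]` form, so it is not clear how to switch the debugs off again.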
diff --git a/doc/user/pim.rst b/doc/user/pim.rst
index dd6a647b4f..201fe2f9ed 100644
--- a/doc/user/pim.rst
+++ b/doc/user/pim.rst
@@ -727,6 +727,13 @@ Clear commands reset various variables.
Rescan PIM OIL (output interface list).
+.. index:: clear ip pim [vrf NAME] bsr-data
+.. clicmd:: clear ip pim [vrf NAME] bsr-data
+
+ This command will clear the BSM scope data struct. This command also
+ removes the next hop tracking for the bsr and resets the upstreams
+ for the dynamically learnt RPs.
+
PIM EVPN configuration
======================
To use PIM in the underlay for overlay BUM forwarding associate a multicast
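Review bot: The description of `clear ip pim [vrf NAME] bsr-data` is written in terms of internals ("BSM scope data struct") and does not say what an operator will see after running it. Since the text says the command resets the upstreams for dynamically learnt RPs, state the visible consequence (for example that the learnt RP information is gone until it is learnt again) and capitalise `bsr` as BSR to match BSM and RPs in the same sentence.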
diff --git a/doc/user/rpki.rst b/doc/user/rpki.rst
index 2c0e5876fa..451df1aa4e 100644
--- a/doc/user/rpki.rst
+++ b/doc/user/rpki.rst
@@ -271,5 +271,5 @@ RPKI Configuration Example
route-map rpki permit 40
!
-.. [Securing-BGP] Geoff Huston, Randy Bush: Securing BGP, In: The Internet Protocol Journal, Volume 14, No. 2, 2011. <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_14-2/142_bgp.html>
-.. [Resource-Certification] Geoff Huston: Resource Certification, In: The Internet Protocol Journal, Volume 12, No.1, 2009. <http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_12-1/121_resource.html>
+.. [Securing-BGP] Geoff Huston, Randy Bush: Securing BGP, In: The Internet Protocol Journal, Volume 14, No. 2, 2011. <https://www.cisco.com/c/dam/en_us/about/ac123/ac147/archived_issues/ipj_14-2/ipj_14-2.pdf>
+.. [Resource-Certification] Geoff Huston: Resource Certification, In: The Internet Protocol Journal, Volume 12, No.1, 2009. <https://www.cisco.com/c/dam/en_us/about/ac123/ac147/archived_issues/ipj_12-1/ipj_12-1.pdf>
diff --git a/doc/user/scripting.rst b/doc/user/scripting.rst
new file mode 100644
index 0000000000..b0295e5706
--- /dev/null
+++ b/doc/user/scripting.rst
@@ -0,0 +1,28 @@
+.. _scripting:
+
+*********
+Scripting
+*********
+
+The behavior of FRR may be extended or customized using its built-in scripting
+capabilities.
+
+Some configuration commands accept the name of a Lua script to call to perform
+some task or make some decision. These scripts have their environments
+populated with some set of inputs, and are expected to populate some set of
+output variables, which are read by FRR after the script completes. The names
+and expected contents of these scripts are documented alongside the commands
+that support them.
+
+These scripts live in :file:`/etc/frr/scripts/` by default. This is
+configurable at compile time via ``--with-scriptdir``. It may be
+overriden at runtime with the ``--scriptdir`` daemon option.
+
+In order to use scripting, FRR must be built with ``--enable-scripting``.
+
+.. note::
+
+ Scripts are typically loaded just-in-time. This means you can change the
+ contents of a script that is in use without restarting FRR. Not all
+ scripting locations may behave this way; refer to the documentation for the
+ particular location.
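Review bot: The page says scripts are read from `/etc/frr/scripts/` (or whatever `--scriptdir` points to) and that a script in use can be changed without restarting FRR, but it says nothing about who should own that directory or what permissions it needs. Because the contents of those files decide daemon behaviour at call time, add a sentence stating the expected owner and mode of the script directory and its files, and that the `--scriptdir` override should point only at a location with the same restrictions. Also "overriden" should be "overridden".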
diff --git a/doc/user/setup.rst b/doc/user/setup.rst
index b2b71cf012..64a33765c2 100644
--- a/doc/user/setup.rst
+++ b/doc/user/setup.rst
@@ -240,3 +240,53 @@ because FRR's monitoring program cannot currently distinguish between a crashed
The closest that can be achieved is to remove all configuration for the daemon,
and set its line in ``/etc/frr/daemons`` to ``=no``. Once this is done, the
daemon will be stopped the next time FRR is restarted.
+
+
+Network Namespaces
+^^^^^^^^^^^^^^^^^^
+
+It is possible to run FRR in different network namespaces so it can be
+further compartmentalized (e.g. confining to a smaller subset network).
+The network namespace configuration can be used in the default FRR
+configuration pathspace or it can be used in a different pathspace
+(`-N/--pathspace`).
+
+To use FRR network namespace in the default pathspace you should add
+or uncomment the ``watchfrr_options`` line in ``/etc/frr/daemons``:
+
+.. code-block:: diff
+
+ - #watchfrr_options="--netns"
+ + watchfrr_options="--netns=<network-namespace-name>"
+
+If you want to use a different pathspace with the network namespace
+(the recommended way) you should add/uncomment the ``watchfrr_options``
+line in ``/etc/frr/<namespace>/daemons``:
+
+.. code-block:: diff
+
+ - #watchfrr_options="--netns"
+ + #watchfrr_options="--netns=<network-namespace-name>"
+ +
+ + # `--netns` argument is optional and if not provided it will
+ + # default to the pathspace name.
+ + watchfrr_options="--netns"
+
+To start FRR in the new pathspace+network namespace the initialization script
+should be called with an extra parameter:
+
+
+.. code::
+
+ /etc/init.d/frr start <pathspace-name>
+
+
+.. note::
+
+ Some Linux distributions might not use the default init script
+ shipped with FRR, in that case you might want to try running the
+ bundled script in ``/usr/lib/frr/frrinit.sh``.
+
+ On systemd you might create different units or parameterize the
+ existing one. See the man page:
+ https://www.freedesktop.org/software/systemd/man/systemd.unit.html
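Review bot: The placeholder names are inconsistent in the Network Namespaces text: the daemons file is given as `/etc/frr/<namespace>/daemons`, while the start command uses `<pathspace-name>` and the comment in the second diff block says the netns defaults to "the pathspace name". Use `<pathspace-name>` in the path as well, so it is clear that the directory is named after the pathspace and not the network namespace. The second diff block is also hard to follow because it adds a commented-out `--netns=<network-namespace-name>` line and then an active `--netns` line; a plain "after" snippet of the file would be clearer. Finally, `-N/--pathspace` is in single backticks where the rest of the section uses double backticks for literals.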
diff --git a/doc/user/subdir.am b/doc/user/subdir.am
index dd7a193e34..3585245e85 100644
--- a/doc/user/subdir.am
+++ b/doc/user/subdir.am
@@ -27,6 +27,7 @@ user_RSTFILES = \
doc/user/ospf_fundamentals.rst \
doc/user/overview.rst \
doc/user/packet-dumps.rst \
+ doc/user/pathd.rst \
doc/user/pim.rst \
doc/user/ripd.rst \
doc/user/pbr.rst \
@@ -34,6 +35,7 @@ user_RSTFILES = \
doc/user/routemap.rst \
doc/user/routeserver.rst \
doc/user/rpki.rst \
+ doc/user/scripting.rst \
doc/user/setup.rst \
doc/user/sharp.rst \
doc/user/snmp.rst \
diff --git a/doc/user/zebra.rst b/doc/user/zebra.rst
index 91cd205bed..a9979558c3 100644
--- a/doc/user/zebra.rst
+++ b/doc/user/zebra.rst
@@ -407,6 +407,14 @@ If no option is chosen, then the *Linux VRF* implementation as references in
https://www.kernel.org/doc/Documentation/networking/vrf.txt will be mapped over
the *Zebra* VRF. The routing table associated to that VRF is a Linux table
identifier located in the same *Linux network namespace* where *Zebra* started.
+Please note when using the *Linux VRF* routing table it is expected that a
+default Kernel route will be installed that has a metric as outlined in the
+www.kernel.org doc above. The Linux Kernel does table lookup via a combination
+of rule application of the rule table and then route lookup of the specified
+table. If no route match is found then the next applicable rule is applied
+to find the next route table to use to look for a route match. As such if
+your VRF table does not have a default blackhole route with a high metric
+VRF route lookup will leave the table specified by the VRF, which is undesirable.
If the :option:`-n` option is chosen, then the *Linux network namespace* will
be mapped over the *Zebra* VRF. That implies that *Zebra* is able to configure
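Review bot: The added paragraph refers to "a metric as outlined in the www.kernel.org doc above" without stating the route or the metric, so the reader has to leave the page to learn what to install. Since the text itself explains that without a default blackhole route with a high metric the lookup "will leave the table specified by the VRF", spell out the exact route to add per VRF table and say plainly that the consequence is traffic being resolved through tables outside the VRF, which is stronger than "undesirable". It would also help to say whether FRR installs this route or the operator must.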
@@ -759,6 +767,12 @@ IPv6 example for OSPFv3.
not created at startup. On Debian, FRR might start before ifupdown
completes. Consider a reboot test.
+.. index:: zebra route-map delay-timer (0-600)
+.. clicmd:: [no] zebra route-map delay-timer (0-600)
+
+ Set the delay before any route-maps are processed in zebra. The
+ default time for this is 5 seconds.
+
.. _zebra-fib-push-interface:
zebra FIB push interface
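Review bot: The syntax `zebra route-map delay-timer (0-600)` gives no unit; only the default ("5 seconds") implies that the range is in seconds. State the unit next to the range, and document what a value of `0` means and what the `[no]` form does (presumably it restores the 5 second default, but the text does not say).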