mindless.gr

This is my first post and also the first post of a series that it deals with simple configuration examples on implementing IPv4/IPv6 Dual Stack BGP on Open Source Routing platforms, these configurations are only the basics to help you get Dual Stack up on your network. The post have the intention of giving informations on how to configure OpenBGPD. I will not explain tha basics of OpenBSD’s networking like installation or interface configuration etc, i will just give you the complete solution to get it running, maybe later i will make a post about these basics but i think the official FAQ is enough.

OpenBGPD

In my opinion OpenBSD with OpenBGPD and/or OpenOSPFD is the most rock-solid stable open source solution out there but this ofcourse is my point of view, both stable and easy to use, and it comes with the world’s best man pages, so use this only as starting point if you man bgpd.conf all configuration options are there very clear, if you dont see a feature on this man page then OpenBGPD doesnt support the feature at all, this is the cost to stay stable i think. I am running a number of production servers with OpenBSD and OpenBGPD but i dont use Dual Stack yet so i havent tested such configuration in the real world.

Lets go straight to lab informations.

ISP router details:

AS: 1000

IPv4 network: 10.0.0.0/8

IPv6 network: fc00::/32

Peering Interface: f0/1

Peering address IPv4: 10.0.0.1/30

Peering address IPv6: fc00::1:1/126

OpenBGPD router details:

AS: 100

IPv4 network: 192.168.0.0/21

IPv6 network: fc00:1::/32

Peering Interface: em0

Peering address IPv4: 10.0.0.2/30

Peering address IPv6: fc00::1:2/126

The configuration of OpenBGPD to announce our networks and learn our ISP’s networks is as follow:

# cat /etc/bgpd.conf
# Global configuration
AS 100
router-id 10.0.0.2

# Our Address Space
network 192.168.0.0/21
network fc00:1::/32

# IPv4 Peers
neighbor 10.0.0.1 {
        remote-as       1000
        descr           UpstreamIPv4
        local-address   10.0.0.2
        announce        IPv4 unicast
}

# IPv6 Peers
neighbor fc00::1:1 {
        remote-as       1000
        descr           UpstreamIPv6
        local-address   fc00::1:2
        announce        IPv6 unicast
}

OpenBSD by default doesnt forwards traffic so we have to turn on forwarding for IPv4 and IPv6 this can be done from the console with the following commands:

# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
# sysctl net.inet6.ip6.forwarding=1
net.inet6.ip6.forwarding: 1 -> 1

if you want to start forwarding at boot you must change the above values on /etc/sysctl.conf as shown below.

#       $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4 multicast packets
#net.inet.ip.multipath=1        # 1=Enable IP multipath routing
#net.inet.icmp.rediraccept=1    # 1=Accept ICMP redirects
#net.inet6.icmp6.rediraccept=0  # 0=Don't accept IPv6 ICMP redirects
net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of IPv6 packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
#net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
...
...
...

Next we need to start BGP daemon, this can be done from console with the following command:

# bgpd

if you want to start bgpd at boot you must change the below line on the file /etc/rc.local

# more /etc/rc.conf | grep bgpd
bgpd_flags=""           # for normal use: ""

Verify Commands:

# bgpctl show
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
UpstreamIPv6             1000          8          3     0 00:00:28      4
UpstreamIPv4             1000          8          3     0 00:00:28      4

shows us our neighbors their uptime and received prefixes numbers.

# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
*>    10.0.0.0/8           10.0.0.1           100     0 1000 i
AI*>  192.168.0.0/21       0.0.0.0            100     0 i
      192.168.0.0/21       10.0.0.1           100     0 1000 100 i
*>    192.168.8.0/21       10.0.0.1           100     0 1000 200 i
*>    192.168.16.0/21      10.0.0.1           100     0 1000 300 i
*>    fc00::/32            fc00::1:1          100     0 1000 i
AI*>  fc00:1::/32          ::                 100     0 i
      fc00:1::/32          fc00::1:1          100     0 1000 100 i
*>    fc00:2::/32          fc00::1:1          100     0 1000 200 i
*>    fc00:3::/32          fc00::1:1          100     0 1000 300 i

shows us all routes received from our neigbors and they are added to our RIB it also shows our announced prefixes.

# bgpctl show fib bgp
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags prio destination          gateway
*B      48 10.0.0.0/8           10.0.0.1
*B      48 192.168.8.0/21       10.0.0.1
*B      48 192.168.16.0/21      10.0.0.1
*B      48 fc00::/32            fc00::1:1
*B      48 fc00:2::/32          fc00::1:1
*B      48 fc00:3::/32          fc00::1:1

show us routes selected from bgp daemon and they are placed to the kernel’s routing table or Forwarding Table.

Thats all for OpenBGPD configuration, i am not an OpenBGPD or OpenBSD master so i will be very glad to receive feedback from you about any mistakes i have done in this post or recommendations.