This is my first post, and also the first post of a series that deals with simple configuration examples for implementing IPv4/IPv6 Dual Stack BGP on Open Source Routing platforms. These configurations are only the basics to help you get Dual Stack up on your network. This post is intended to give information on how to configure OpenBGPD. I will not explain the basics of OpenBSD’s networking, like installation or interface configuration; I will just give you the complete solution to get it running. Maybe later I will make a post about these basics, but I think the official FAQ is enough.
OpenBGPD
In my opinion, OpenBSD with OpenBGPD and/or OpenOSPFD is the most rock-solid, stable open source solution out there, but this of course is my point of view. It is both stable and easy to use, and it comes with the world’s best man pages, so use this post only as a starting point: if you run man bgpd.conf, all configuration options are there, very clear. If you don’t see a feature on this man page, then OpenBGPD doesn’t support the feature at all; this is the cost of staying stable, I think. I am running a number of production servers with OpenBSD and OpenBGPD, but I don’t use Dual Stack yet, so I haven’t tested such a configuration in the real world.
Let’s go straight to the lab information.
ISP router details:
AS: 1000
IPv4 network: 10.0.0.0/8
IPv6 network: fc00::/32
Peering Interface: f0/1
Peering address IPv4: 10.0.0.1/30
Peering address IPv6: fc00::1:1/126
OpenBGPD router details:
AS: 100
IPv4 network: 192.168.0.0/21
IPv6 network: fc00:1::/32
Peering Interface: em0
Peering address IPv4: 10.0.0.2/30
Peering address IPv6: fc00::1:2/126
The configuration of OpenBGPD to announce our networks and learn our ISP’s networks is as follows:
    # cat /etc/bgpd.conf
    # Global configuration
    AS 100
    router-id 10.0.0.2

    # Our Address Space
    network 192.168.0.0/21
    network fc00:1::/32

    # IPv4 Peers
    neighbor 10.0.0.1 {
            remote-as 1000
            descr UpstreamIPv4
            local-address 10.0.0.2
            announce IPv4 unicast
    }

    # IPv6 Peers
    neighbor fc00::1:1 {
            remote-as 1000
            descr UpstreamIPv6
            local-address fc00::1:2
            announce IPv6 unicast
    }
By default OpenBSD does not forward traffic, so we have to turn on forwarding for IPv4 and IPv6. This can be done from the console with the following commands:
    # sysctl net.inet.ip.forwarding=1
    net.inet.ip.forwarding: 1 -> 1
    # sysctl net.inet6.ip6.forwarding=1
    net.inet6.ip6.forwarding: 1 -> 1
If you want forwarding to be enabled at boot, you must change the above values in /etc/sysctl.conf as shown below.
    #       $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
    #
    # This file contains a list of sysctl options the user wants set at
    # boot time.  See sysctl(3) and sysctl(8) for more information on
    # the many available variables.
    #
    net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
    #net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4 multicast packets
    #net.inet.ip.multipath=1        # 1=Enable IP multipath routing
    #net.inet.icmp.rediraccept=1    # 1=Accept ICMP redirects
    #net.inet6.icmp6.rediraccept=0  # 0=Don't accept IPv6 ICMP redirects
    net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of IPv6 packets
    #net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
    #net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
    #net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
    ...
    ...
    ...
Next we need to start the BGP daemon. This can be done from the console with the following command:
    # bgpd
If you want to start bgpd at boot, you must change the line below in the file /etc/rc.local:
    # more /etc/rc.conf | grep bgpd
    bgpd_flags=""           # for normal use: ""
Verify Commands:
    # bgpctl show
    Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
    UpstreamIPv6             1000          8          3     0 00:00:28      4
    UpstreamIPv4             1000          8          3     0 00:00:28      4
This shows us our neighbors, their uptime and the number of received prefixes.
    # bgpctl show rib
    flags: * = Valid, > = Selected, I = via IBGP, A = Announced
    origin: i = IGP, e = EGP, ? = Incomplete

    flags destination          gateway          lpref   med aspath origin
    *>    10.0.0.0/8           10.0.0.1           100     0 1000 i
    AI*>  192.168.0.0/21       0.0.0.0            100     0 i
          192.168.0.0/21       10.0.0.1           100     0 1000 100 i
    *>    192.168.8.0/21       10.0.0.1           100     0 1000 200 i
    *>    192.168.16.0/21      10.0.0.1           100     0 1000 300 i
    *>    fc00::/32            fc00::1:1          100     0 1000 i
    AI*>  fc00:1::/32          ::                 100     0 i
          fc00:1::/32          fc00::1:1          100     0 1000 100 i
    *>    fc00:2::/32          fc00::1:1          100     0 1000 200 i
    *>    fc00:3::/32          fc00::1:1          100     0 1000 300 i
This shows us all routes received from our neighbors and added to our RIB; it also shows our announced prefixes.
    # bgpctl show fib bgp
    flags: * = valid, B = BGP, C = Connected, S = Static
           N = BGP Nexthop reachable via this route
           r = reject route, b = blackhole route

    flags prio destination          gateway
    *B      48 10.0.0.0/8           10.0.0.1
    *B      48 192.168.8.0/21       10.0.0.1
    *B      48 192.168.16.0/21      10.0.0.1
    *B      48 fc00::/32            fc00::1:1
    *B      48 fc00:2::/32          fc00::1:1
    *B      48 fc00:3::/32          fc00::1:1
This shows us the routes selected by the BGP daemon and placed into the kernel’s routing table, or Forwarding Table.
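The first verification step above can be turned into a repeatable check. The following is an added example, not part of the original post: a small shell function that reads `bgpctl show` text and reports any expected neighbor that is missing, not established, or established with no prefixes received. The function name `check_sessions` and the second sample are constructed for illustration, and it assumes neighbor descriptions contain no spaces, as in this lab.

```shell
#!/bin/sh
# Added example, not from the original post.
# On the router: bgpctl show | check_sessions UpstreamIPv4 UpstreamIPv6

# check_sessions NAME...  reads `bgpctl show` text on stdin.
# Prints one line per problem and returns 1 if any neighbor is
# missing, not established, or established with 0 prefixes.
# Assumption: descr values contain no spaces, as on this page.
check_sessions() {
    awk -v want="$*" '
        $1 == "Neighbor" { next }          # header line
        NF >= 7 { state[$1] = $NF }        # last column: State/PrfRcvd
        END {
            n = split(want, names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                s = state[names[i]]
                if (s == "")             { print names[i] ": not in output"; bad = 1 }
                else if (s !~ /^[0-9]/)  { print names[i] ": session " s; bad = 1 }
                else if (s + 0 == 0)     { print names[i] ": up, 0 prefixes"; bad = 1 }
            }
            exit bad
        }'
}

# Output as shown in the post: both sessions established, 4 prefixes each.
sample_page() {
    cat <<'EOF'
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
UpstreamIPv6             1000          8          3     0 00:00:28      4
UpstreamIPv4             1000          8          3     0 00:00:28      4
EOF
}

# Constructed sample: the IPv6 session is stuck in Active.
sample_v6_down() {
    cat <<'EOF'
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
UpstreamIPv6             1000          0          0     0 Never    Active
UpstreamIPv4             1000          8          3     0 00:00:28      4
EOF
}

sample_page | check_sessions UpstreamIPv4 UpstreamIPv6 && echo "dual stack OK"
sample_v6_down | check_sessions UpstreamIPv4 UpstreamIPv6 || echo "dual stack degraded"
```

A dual-stack router can keep forwarding IPv4 while its IPv6 session is down, so checking both neighbors by name catches a failure that a single "is bgpd running" check would miss.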
That’s all for OpenBGPD configuration. I am not an OpenBGPD or OpenBSD master, so I will be very glad to receive feedback from you about any mistakes I have made in this post, or recommendations.
Hi man,
First, congratulations for your great howto webpage.
That was the best page that I found on the web.
I work at an ISP in Brazil and today we are routing with Mikrotik routers. They are awesome, but our traffic is increasing, and for this we are looking for another stable solution.
For this, I’m starting to learn/create a router with OpenBSD + OpenBGPD.
Your example was fantastic, but I have one question. You don’t use the 2 NICs on your OpenBGPD router? One connected on ISP, and other connected on your switch?
My question is because your example presents Peering Interface: f0/1. This is a Cisco interface name (correct?). How is your topology?
I would appreciate it if you could help.
Hello Urik, OpenBSD will do the best job when it comes to routing. In this example I am describing just the peering interface between 2 routers, OpenBGPD to Cisco, for the BGP peering.
Hi man, thanks for your reply.
Regards.
Thanks for your guide, it helped me. Question: do you know how to announce a prefix to a neighbor with a community string attached?
Thanks,
Hello motty, I’m glad my post helps people even some years later. Of course you can set a community on outgoing prefixes; you must use the match statement to match the prefix and then add your communities.
Example:
match to any prefix 10.10.10.0/24 set community 65000:100
For any extra information you can read the bgpd.conf manual page; these manuals are awesome.
Nice Post!! It would be great, if you could make additional blog posts in sharing your knowledge on Openbgpd.
Thanks, Your post is useful for me. 🙂