Hi Guys/Gals
I have a stock install of OpenBSD/BGP 3.8 and I'm finding some weird
happenings. I'm part of the Virt-IX project (http://www.virt-ix.net/),
which is a training ground for learning BGP.
The setup is an OpenVPN connection to a peering LAN (194.126.235.0/24)
where other participants host their routers. Below is my 'bgpctl sh':
# bgpctl sh
Neighbor              AS     MsgRcvd  MsgSent  OutQ  Up/Down   State/PrefixRcvd
New-V-IX              65438     1750     1749     0  1d05h06m  1
New-V-IX              64542     1221     1223     0  12:08:02  1
New-V-IX              65213     1752     1751     0  1d05h08m  1
cymrubogon-p2         65333     1751     1750     0  18:34:29  63/1000
cymrubogon-p1         65333     1753     1750     0  1d05h08m  63/1000
New-V-IX                  0        0        0     0  Never     Active
Melchior              65101   115012     3503     0  1d04h13m  183805
default virt-ix       31064   147297     3506     0  1d04h07m  183799
tvk                   65126     1753     1751     0  1d05h08m  2
Lex van Roon (r3boot  65342     3497     3505     0  15:59:06  1
daviper               64662     1753     1754     0  10:02:14  2
lotjuh                65188     1752     1751     0  1d05h08m  1
mszabo                65302     1752     1751     0  1d05h08m  1
# bgpctl -n sh
Neighbor              AS     MsgRcvd  MsgSent  OutQ  Up/Down   State/PrefixRcvd
194.126.235.89        65438     1750     1749     0  1d05h06m  1
194.126.235.49        64542     1221     1224     0  12:08:06  1
194.126.235.51        65213     1752     1751     0  1d05h08m  1
38.229.0.5            65333     1751     1750     0  18:34:33  63/1000
206.71.160.162        65333     1753     1750     0  1d05h08m  63/1000
194.126.235.0/24          0        0        0     0  Never     Active
194.126.235.7         65101   115012     3503     0  1d04h13m  183805
194.126.235.1         31064   147297     3507     0  1d04h07m  183799
194.126.235.29        65126     1753     1751     0  1d05h08m  2
194.126.235.111       65342     3497     3506     0  15:59:10  1
194.126.235.43        64662     1753     1754     0  10:02:18  2
194.126.235.3         65188     1752     1751     0  1d05h08m  1
194.126.235.47        65302     1752     1751     0  1d05h08m  1
(My bgpd.conf is at the bottom)
I've done some traffic engineering and selected some non-optimal
routing.
As you can see, I'm looking at the AS path to www.openbgpd.com
(81.209.180.64)
bgpctl bgpd
# bgpctl sh ip bgp 81.209.180.64
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
*>    81.209.180.0/22  194.126.235.1  150  15 65101 31064 15703 13237 24640 i
*     81.209.180.0/22  194.126.235.1  100  15 31064 31064 15703 13237 24640 i
#
The selected path to 81.209.180.64 is thru:-
65101 31064 15703 13237 24640
As you can see, AS65101 (194.126.235.7) is the preferred route, but has
the same gateway as AS31064 (the optimal route). Just to double check
that it's not a glitch, I do a traceroute to www.openbgpd.com
# traceroute www.openbgpd.com
traceroute to www.openbgpd.com (81.209.180.64), 64 hops max, 40 byte packets
 1 rtr-1.peering.virt-ix.net (194.126.235.1) 10.360 ms 10.277 ms 10.197 ms
 2 c1201-gateway.trueserver.nl (213.193.208.73) 16.562 ms 17.771 ms 17.921 ms
 3 AMS-IX.AMS-1-eth010-101.nl.lambdanet.net (195.69.144.212) 11.199 ms 11.106 ms 10.990 ms
 4 DUS-2-pos700.de.lambdanet.net (82.197.128.29) 17.578 ms 17.549 ms 18.49 ms
 5 HAN-7-pos600.de.lambdanet.net (217.71.105.125) 22.427 ms 21.874 ms 22.775 ms
 6 HAM-4-pos010.de.lambdanet.net (217.71.105.34) 28.18 ms 27.124 ms 27.191 ms
 7 ge2.cr10.ham.bsws.de (80.86.162.34) 26.241 ms 26.597 ms 26.375 ms
 8 ge0.cr20.ham.bsws.de (80.86.183.4) 26.954 ms 26.806 ms 27.17 ms
 9 064.n30.ham.bsws.de (81.209.180.64) 27.87 ms 27.357 ms 27.180 ms
I would expect the first two hops to be:-
1 virtix-gw.melchioraelmans.nl (194.126.235.7)
2 rtr-1.peering.virt-ix.net (194.126.235.1)
3 ..
4 ...
For another example, I have a Neighbour of AS65438 at 194.126.235.89,
announcing 195.16.86.208/29.
Now when I look at the AS Path to 195.16.86.208/29 I get:-
# bgpctl sh ip bgp 195.16.86.208
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete
flags destination gateway lpref med aspath origin
*>    195.16.86.208/29 194.126.235.89 150  15 65101 65438 i
*     195.16.86.208/29 194.126.235.89 100   0 65438 i
*     195.16.86.208/29 194.126.235.89 100  15 31064 31064 65438 i
#
You see, I get the same thing:-
*> 195.16.86.208/29 194.126.235.89 150 15 65101 65438 i
Out of the three valid routes, AS65101 should be my route and have the
gateway of 194.126.235.7, but the gateway addresses are all the same
for the optimal AS Path and not the engineered AS Path.
There are no other routing protocols running; my only guess is that,
because the peering LAN is on a /24, something else is caching the
routes.
Please help.
Now that's out of the way, I have a general question that has been
bugging me for ages: how do you get to see the traffic transferred on
an OpenBSD box? On Linux boxes you can find that information on the
interfaces when running 'ifconfig'.
# cat /etc/bgpd.conf
# bgpd.conf,v 0.4 19/04/2006 21:22:16 ben ashton
# virt-ix bgpd configuration file
# global configuration
AS 65103
router-id 194.126.235.13
holdtime 180
holdtime min 3
fib-update yes
rde med compare always
#log updates
listen on 194.126.235.13
network 195.16.84.8/29
group "virt-ix announce self" {
    announce self
    neighbor 194.126.235.47 {
        descr "mszabo"
        remote-as 65302
    }
    neighbor 194.126.235.3 {
        descr "lotjuh"
        remote-as 65188
    }
    neighbor 194.126.235.43 {
        descr "daviper"
        remote-as 64662
    }
    neighbor 194.126.235.111 {
        descr "Lex van Roon (r3boot)"
        remote-as 65342
    }
    neighbor 194.126.235.29 {
        descr "tvk"
        remote-as 65126
    }
}
group "virt-ix announce all" {
    announce self
    neighbor 194.126.235.1 {
        descr "default virt-ix"
        remote-as 31064
    }
    neighbor 194.126.235.7 {
        descr "Melchior"
        remote-as 65101
    }
}
group "New-V-IX" {
    neighbor 194.126.235.0/24 {
        descr "New-V-IX"
        passive
        announce self
    }
}
group "cymru peering bogon" {
    neighbor x.x.x.x {
        descr "cymrubogon-p1"
        remote-as 65333
        multihop 64
        local-address 194.126.235.13
        max-prefix 1000
        announce none
        tcp md5sig password Monkeys
    }
    neighbor x.x.x.x {
        descr "cymrubogon-p2"
        remote-as 65333
        multihop 64
        local-address 194.126.235.13
        max-prefix 1000
        announce none
        tcp md5sig password Monkeys
    }
}
match from any community *:* set metric 10
match from group "virt-ix announce all" set metric 15
match from 194.126.235.1 set prepend-neighbor 1
match from 194.126.235.7 set localpref 150
allow from any community 31064:4000 set pftable "VIX-True"
allow from any community 31064:1000 set pftable "VIX-User"
allow from any community 31064:500 set pftable "VIX-Orig"
allow from any community 65333:888 set pftable "bogons"
allow from any community 65333:888 set nexthop blackhole
#allow from any community 31064:4000 set rtlabel "VIX-True"
#allow from any community 31064:1000 set rtlabel "VIX-User"
#allow from any community 31064:500 set rtlabel "VIX-Orig"
#allow from any community 65333:888 set rtlabel "bogons"
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
#
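
The comparison made by hand in the post, as an added example that is not part of the original message: it parses the 'bgpctl sh ip bgp' rows quoted above and lists every route whose gateway (the route's BGP NEXT_HOP attribute) differs from the address of the neighbor whose AS is first in the path. The neighbor-to-AS map is copied from the post's 'bgpctl -n sh' output; the function names are hypothetical, and the code assumes the first AS in the path identifies the sending eBGP peer.

```python
import re

# Neighbor address -> remote AS, copied from the 'bgpctl -n sh' output in the post.
NEIGHBORS = {
    "194.126.235.1": 31064,
    "194.126.235.7": 65101,
    "194.126.235.89": 65438,
}

# Rows from the two 'bgpctl sh ip bgp' listings in the post, wrapped lines re-joined.
SAMPLE = """\
*> 81.209.180.0/22 194.126.235.1 150 15 65101 31064 15703 13237 24640 i
*  81.209.180.0/22 194.126.235.1 100 15 31064 31064 15703 13237 24640 i
*> 195.16.86.208/29 194.126.235.89 150 15 65101 65438 i
*  195.16.86.208/29 194.126.235.89 100 0 65438 i
*  195.16.86.208/29 194.126.235.89 100 15 31064 31064 65438 i
"""

# flags, destination, gateway, lpref, med, aspath, origin
ROW = re.compile(
    r"^(?P<flags>[*>IA]+)\s+(?P<prefix>\S+/\d+)\s+(?P<gw>\d+(?:\.\d+){3})\s+"
    r"(?P<lpref>\d+)\s+(?P<med>\d+)\s+(?P<aspath>\d+(?: \d+)*)\s+(?P<origin>[ie?])$"
)

def parse_rib(text):
    """Turn bgpctl RIB rows into dicts; header and legend lines are skipped."""
    routes = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            routes.append({
                "selected": ">" in m["flags"],
                "prefix": m["prefix"],
                "gateway": m["gw"],
                "aspath": [int(a) for a in m["aspath"].split()],
            })
    return routes

def nexthop_mismatches(routes, neighbors):
    """Routes whose gateway is not the address of the peer that sent them."""
    # Assumption: the first AS in the path is the sending eBGP peer's AS.
    addr_of = {asn: addr for addr, asn in neighbors.items()}
    out = []
    for r in routes:
        peer = addr_of.get(r["aspath"][0])
        if peer and peer != r["gateway"]:
            out.append((r["prefix"], r["aspath"][0], peer, r["gateway"], r["selected"]))
    return out
```

Each tuple returned is (prefix, first AS, peer address, gateway, selected); running it over fresh 'bgpctl sh ip bgp' output shows how many routes from a given peer carry a gateway other than that peer.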