Hi all, At the moment we are running some tests to use OpenBGPD as a Route-server instead of using Quagga. The first tests are very positive, but we are facing one major problem. We tried our solution on OpenBSD 4.4 as well under 4.5. When we made one route-server, which means that we remove the private AS to al the neighbors, and this not working under OpenBGPD. The route-server can easily make an connection to a lot of quagga/cisco routers, but when a OpenBGPD client wants to join we are facing the following error on the server side:
May 6 17:00:01 openBSD4-5 bgpd[5747]: neighbor 192.168.113.100 (test.4): received notification: error in UPDATE message, AS-Path unacceptable At the client side we see a fatal error: Apr 6 17:00:05 bsd bgpd[24969]: neighbor 192.168.113.1 (test): state change Established -> Idle, reason: Fatal error When we use quagga as client the session is doing fine on both sides, even with community filters. When we are using OpenBGPD we keep facing this message until we are removing the following line: transparent-as yes. Is this a comment problem, or is this a bad configuration of us? Configuration route-server: #macros ASN="64512" peer1="192.168.113.2" AS1="64513" peer2="192.168.113.3" AS2="64514" peer3="192.168.113.4" AS3="64515" peer4="192.168.113.100" AS4="64516" peer5="192.168.113.101" AS5="65534" # global configuration router-id 192.168.113.1 AS $ASN log updates transparent-as yes # network 10.0.1.0/24 neighbor $peer1 { remote-as $AS1 descr test.1 announce all max-prefix 100 restart 300 softreconfig in yes # tcp md5sig key deadbeef } neighbor $peer2 { remote-as $AS2 descr test.2 announce all softreconfig in yes max-prefix 100 restart 1 } neighbor $peer3 { remote-as $AS3 descr test.3 announce all softreconfig in yes max-prefix 100 restart 300 } neighbor $peer4 { remote-as $AS4 descr test.4 local-address 192.168.113.1 holdtime 180 holdtime min 3 announce all softreconfig in yes # max-prefix 100 restart 300 } neighbor $peer5 { remote-as $AS5 descr test.5 announce all softreconfig in yes max-prefix 100 restart 300 } # filter out prefixes longer than 24 or shorter than 8 bits deny from any allow from any inet prefixlen 8 - 24 # Filter the general prefixes # deny to any community *:* # allow to any community 64512:64512 # Filter the per-peer prefixes allow to $peer1 community $ASN:neighbor-as deny to $peer1 community 0:neighbor-as allow to $peer2 community $ASN:neighbor-as deny to $peer2 community 0:neighbor-as allow to $peer3 community $ASN:neighbor-as deny to $peer3 community 0:neighbor-as allow to $peer4 community $ASN:neighbor-as deny to $peer4 community 0:neighbor-as Easy configuration of a client: AS 64516 router-id 192.168.113.100 # log updates network 3.3.3.0/24 neighbor 192.168.113.1 { remote-as 64512 descr test local-address 192.168.113.100 holdtime 180 holdtime min 3 announce all max-prefix 100 restart 300 softreconfig in yes } Thanks in advance! Tom Martin -- View this message in context: http://n2.nabble.com/OpenBGPD-transparent-as-issue-tp2815387p2815387.html Sent from the OpenBSD Misc mailing list archive at Nabble.com.