Re: Using old thin clients as a BGP testbed
Does anyone know of organizations that will allow BGP peering sessions (using private AS numbers) to be established for such test systems described on this thread? The application here is for use in teaching an advance routing class @ a community college here in Ohio. Thanks! Glenn On Thu, January 25, 2007 4:54 pm, Claudio Jeker wrote: > On Thu, Jan 25, 2007 at 02:54:54PM -0500, Dan Farrell wrote: > >> I'm in the same position as yourself and I've been in testing and >> production with a set of old Compaq PII-450 workstations with 192 MB RAM >> apiece... they run like a charm with four full tables, with plenty of >> RAM left over. One of them actually died on me, and I've been lazy >> about pulling out one of the other five identical models I have in >> storage to replace it. >> >> It took 10 minutes each to load OBSD on the two and another 40 minutes >> putting the configuration together (that part's dependent on your OBGP, >> CARP, and general BGP skills) and voila... nice little routeservers. >> >> > > For a BGP testlab almost anything will do as long as it has enough RAM or > you limit the number of prefixes to a few 10'000. I runned bgpd on > soekris boxes, sparcs and even mack68k without any troubles. There should > be even enough RAM to run ospfd as well :) > > For production systems just use a fast CPU and good network cards (if you > are routing) plus add between 512M-1GB of RAM. > > -- > :wq Claudio
Re: Version 4.0 release
I would think that there would be some sense of "urgency" to get the new rthreads implementation up-an-running (at least for the i386 and AMD64 platforms) otherwise OpenBSD will become less and less viable as a general purpose server platform (I like OpenBSD a lot) and really hate to see this happen... Just my $0.02 Glenn > I'm not saying OpenBSD is a bad operating system. Far from it. However I > would only use it for routers, firewalls, bridges, etc... Anything that has > to do with networking because after all, OpenBSD's networking is great. > Outside these areas OpenBSD is just too slow and doesn't support > enough hardware. > > Asking for code submission if you want feature x or y doesn't really > float my boat. I only do some high level programming and I know nothing > about kernel internals. I use it where it fits me and equals customer > benefit. If it doesn't I need to search for something else. We are all > specialized in our field, you can't ask a butcher to do a heart operation > even if they both handle meat all the time. > > Please note that this is all IMHO. > > > Glenn
ObenBGP Prefix Limit in v3.9
Is there a new default prefix limit in OpenBSD (v3.9)?? I got the follwoing messages below when trying out the snapshot this weekend, I don't remembere seeing anything like this in V3.8 Glenn "Mar 2 20:59:34 www bgpd[238]: neighbor 2001:4830:e2:25::1 (AS30071): prefix limit reached"
State of Rthreads in OpenBSD 3.9
Is the new Rthreads library functional enought 3.9 that it can be used for 'experimental' purposes? Has there been anything documented yet as to it's used? Thanks! Glenn
Looking Glass for OpenBGP in 3.9?
I read somewhere that there was a 'Looking Glass' implementaion 'in the works' for OpenBSD/OpenBGP 3.9. I was wondering if that was the case? Thanks, Glenn
Re: OpenBGP & IPv6
The works for me perring with the OCCAID network: www:occaid.net and Hurricane Electric's Tunnel Broker Service: http://tunnelbroker.net Both Cisco based equipmentthere must be something else wrong in the configuration... Glenn > Hi, > >> Try: >> >> announce IPv4 unicast >> announce IPv6 unicast > > Nothing does :( > > > -- > Sylvain COUTANT > > ADVISEO > http://www.adviseo.fr/ > http://www.open-sp.fr/
Re: OpenBGP & IPv6
Try: announce IPv4 unicast announce IPv6 unicast Glenn > I was just about to create a new thread when I read : > >> I have not seen it discussed much on the list, but OpenBGP works *very* >> well and is easy to setup using Hurricane Electrics free (ipv6-in-ipv4) > > I try to setup a BGP peering with upstream and I have (v3.8) : > > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): state change > Idle -> Connect, reason: Start > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): state change > Connect -> OpenSent, reason: Connection opened > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): state change > OpenSent -> OpenConfirm, reason: OPEN message received > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): received > notification: error in OPEN message, unsupported capabil > ity > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): > parse_notification: capa_len 16 exceedsremaining msg length > Jan 7 10:11:19 r2 bgpd[31645]: neighbor 2001:x:21 (x-v6): state change > OpenConfirm -> Idle, reason: NOTIFICATION received > > > Upstream told me about capability : "We do 'inet6.unicast' only". Upstream > router is a Juniper. > > Relevant configuration is : > > network 2001:1b58::/32 > > group "Upstream" { > set localpref xxx > announceself > > neighbor x.x.x.x { > remote-as x > descr x-v4 > } > > neighbor 2001:x:0021 { > remote-as x > descr x-v6 > } > } > > > Any idea what I've done wrong again ? > > > BR, > > -- > Sylvain COUTANT > > ADVISEO > http://www.adviseo.fr/ > http://www.open-sp.fr/
OpenBGP & IPv6
I have not seen it discussed much on the list, but OpenBGP works *very* well and is easy to setup using Hurricane Electrics free (ipv6-in-ipv4) tunnel broker service. Kudos to Henning for all the good work that went into making this available in v3.8!! I will try and create a quick and dirty web page in the next few days to illustrate how I set this up incase anyone else is interested in trying out... Glenn
Re: MPLS-VPN Support in OpenBSD
Claudio, Thanks for taking the time to give us your insigh on this technology, I agree that it is a very interesting discussion:) I guess that explains why there is very little interested in mpls-vpns in open source project the last several years (except for the work James Leu) is doing... Glenn > On Fri, Jan 06, 2006 at 11:12:23PM +0100, Thomas Bvrnert wrote: >> Thanks Claudio. Is there also an security issue on MPLS VPN ? >> Or is a normal VPN much secure als MPLS VPN ? >> > > MPLS VPNs are normaly not encrypted. It is just used to tunnel multiple > networks over a backbone network without touching the traffic. > So it is possible to bridge networks -- the customer does not realize that > there is a MPLS VPN in between. This is what some metro networks do. > > -- > :wq Claudio
MPLS-VPN Support in OpenBSD
Hi, I was wondering if there were any plans to add MPLS/VPN support into OpenBSD? NetBSD had some folks working on the Amaye project (http://www.ayame.org/) but that seems to have been dormant for a long time... Thanks, Glenn
Re: BGPD Boot-Time Startup Problem
The ipv6 newtwork is setup in rc.local: #Setup ipv6 routing: echo -n 'Setting Up IPv6 to OCCAID Network' ifconfig gif0 giftunnel 68.21.68.114 69.72.192.238 ifconfig gif0 inet6 2001:4830:e2:25::2 route add -inet6 2001:4830:e2:25::1 -prefixlen 64 2001:4830:e2:25::2 route add -inet6 default 2001:4830:e2:25::1 It could well be that on boot-up this is address is not avaiable yet..and I might need to put in a delay (say startup with cron perhaps)... Thanks; Glenn > On Thu, Dec 15, 2005 at 06:34:04PM -0500, [EMAIL PROTECTED] wrote: >> When I try and startup OpenBGP at boot time I get the following error >> message: >> >> Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): >> session_connect bind: Can't assign requested address >> > > You force a local address bgpd has to bind to via the local-address config > option. It seems that on bootup the requested address is not yet > available. It looks like your IPv6 settup is done after bgpd is started. > > How do you configure the IPv6 network? > >> Is there some type of a problem in synchroniziation at boot time wih >> remote AS's? Maybe sometime of a delay is needed under certain >> circunstances... >> > > It mostly depends on when your local address gets available. > > -- > :wq Claudio
BGPD Boot-Time Startup Problem
When I try and startup OpenBGP at boot time I get the following error message: Dec 15 18:15:45 www bgpd[31059]: neighbor 2001:4830:e2:25::1 (AS30071): session_connect bind: Can't assign requested address When trying to perr with the OCCAID network (www.occaid.net), running IPV6 however when I start the process up manually (after the computer is booted): /usr/sbin/bgpd -f /etc/bgpd.conf The process connexts and runs just fine: BGP neighbor is 2001:4830:e2:25::1, remote AS 30071 Description: AS30071 BGP version 4, remote router-id 65.126.230.2 BGP state = Established, up for 00:12:28 Last read 00:00:29, holdtime 180s, keepalive interval 60s Neighbor capabilities: Multiprotocol extensions: IPv6 Unicast Route Refresh Message statistics: Sent Received Opens1 1 Notifications0 0 Updates 0741 Keepalives 13 14 Route Refresh0 0 Total 14756 Local host:2001:4830:e2:25::2, Local port: 9611 Remote host: 2001:4830:e2:25::1, Remote port: 179 Is there some type of a problem in synchroniziation at boot time wih remote AS's? Maybe sometime of a delay is needed under certain circunstances... Thanks! Glenn
Re: anyone tried bgpd vs. he.net/tunnelbroker.net
your only workaround is to not send any capability it does not grok. this is guesswork. you might want to try to not announce v4 unicast capabilities... I was wondering exactly how this was specified in the bgpd.conf file? Since I was trying to do the same thing to connect to he.net and try out the new ipv6 capabilities of bgpd... Thanks! Glenn