Re: Microsoft's war on plain text email in open source
Text-only was great in 1985. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Frank Beuth" To: misc@openbsd.org Sent: Wednesday, August 26, 2020 3:28:50 AM Subject: Microsoft's war on plain text email in open source "Linux kernel development which is driven by plain-text email discussion needs better or alternative collaborative tooling "to bring in new contributors and maintain and sustain Linux in the future," says Sarah Novotny, Microsoft's representative on the Linux Foundation board. Said tooling could be "a text-based, email-based patch system that can then also be represented in a way that developers who have grown up in the last five or ten years are more familiar with," she added. ... Should it migrate toward something more like, say, issues and pull requests on the Microsoft-owned GitHub? “I’m not saying that there will be a move in any time that I can see my crystal ball’s broken but I do think there needs to be expansions in the way people can enter that workflow,” said Novotny. “It is a fairly specific workflow that is a challenge for some newer developers to engage with. As an example, my partner submitted a patch to OpenBSD a few weeks ago, and he had to set up an entirely new mail client which didn’t mangle his email message to HTML-ise or do other things to it, so he could even make that one patch. That’s a barrier to entry that’s pretty high for somebody who may want to be a first-time contributor.”" https://www.theregister.com/2020/08/25/linux_kernel_email/
Re: Good Quality Microphone for Podcasts compatible with OpenBSD
At a minimum, just spoken voice and pipe it to Skype and another web app that collects different podcast participant's audio. I use a Blue Yeti, but that's on Windows. ;-) - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "U'll Be King Of The Stars" To: misc@openbsd.org, "Tom Smyth" , "Misc" Sent: Friday, August 9, 2019 2:27:00 PM Subject: Re: Good Quality Microphone for Podcasts compatible with OpenBSD Hi Tom, What are you actually doing? What kind of audio are you processing? Can you tell us more about your project? Andrew On 9 August 2019 19:43:12 BST, Tom Smyth wrote: >Hi All, > >just wondering any of you audiophiles who use OpenBSD do you have >recommended Microphones / Sound cards / data acquisition interfaces >that would work well with OpenBSD... >any recommendations suggestions welcome ... Sound is not something >I have messed much with OpenBSD... and I may as well ask people in the >know > >Thanks and Happy Friday Folks > > >-- >Kindest regards, >Tom Smyth.
Re: PCI-Passthrough XL710 NIC ixl OpenBSD Guest reboot Resets Hypervisor OS
Did that fix it? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Tom Smyth" To: "Misc" Sent: Tuesday, July 30, 2019 8:30:04 AM Subject: PCI-Passthrough XL710 NIC ixl OpenBSD Guest reboot Resets Hypervisor OS Hello all, I recently have been playing with PCI Pass through, IO MMU / SR-IOV with Intel NIC XL710 based 40G nic ixl drivers with proxmox / kvm and qemu as a hypervisor and OpenBSD as the guest vms, we encountered an issue where if I passed through the Physical Function (full nic pass through) that when reboot / halt -p command was entered on the guest the hypervisor / proxmox would reset and reboot also after diagnosing and trying to pass-through other devices such as the intel pro 1000 em nics they did not seem to cause the hypervisor to reboot when rebooting the openBSD Guest I got on to the friendly people at HotLava systems (my nic vendor) and they suggested the firmware of the NICs be upgraded, I installed the version 7.00 nic firmware (replacing version 6.01 firmware the tool I used to update the firmware on the hypervisor was ./nvmupdate64e and comes with the firmware package from the Intel Download site... I hope this helps anyone trying to run openBSD on a KVM / Qemu based hypervisor like Proxmox I couldnt find this issue documented anywhere so im sending this to the list... im sure there is also a security issue where the hypervisor can be hard reset, by a guest being rebooted ... but this is a question for the Hypervisor and not OpenBSD Hope this helps anyone who has encountered it in the past and those who may encounter it in the future -- Kindest regards, Tom Smyth.
Re: OpenBGPD - Adding Diversity to the Route Server Landscape (ripe.net)
Why worry about HTTPS? What's to gain? Job's Twitter is very promising. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Kollar Arpad" To: misc@openbsd.org, edit...@undeady.org Sent: Wednesday, November 28, 2018 8:21:42 AM Subject: OpenBGPD - Adding Diversity to the Route Server Landscape (ripe.net) Hello, 1) fyi: https://news.ycombinator.com/item?id=18549983 -> https://labs.ripe.net/Members/claudio_jeker/openbgpd-adding-diversity-to-route-server-landscape 2) why the heck isn't there a https://openbgpd.org/ ? why is it only via plain http? I know httpS is not a holy grail, but at least it is something.. lets encrypt, like the other domains for OpenBSD? and what is with: https://openntpd.org/ - can we have https there too? Many thanks for reading. Great people! :)
Re: 4-ports router under $150
You have very much done something wrong if your 2011 can't handle 2 megabit. I suggest you seek out a more Mikrotik-specific group for assistance. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Karel Gardas" <gard...@gmail.com> To: "Patrick Dohman" <dohmanpatr...@gmail.com> Cc: misc@openbsd.org Sent: Monday, April 9, 2018 7:42:18 AM Subject: Re: 4-ports router under $150 On Sun, 8 Apr 2018 09:39:46 -0500 Patrick Dohman <dohmanpatr...@gmail.com> wrote: > As much as I’d rather not point the blame I found the APU platform buggy when > running OpenBSD. > Yes there are reports of stability with other O.S however subtle > hardware/firmware bugs appeared on several OpenBSD releases. > I’m actually in the other boat when it comes to hardware stability being an > excuse however openbsd'd excellent embedded footprint does well at disclosing > subtle hardware issues. > I’m currently running a MikroTik 2011UiAS that is built on A mips processor. > Quite honestly I’ve found the secret of stability on the network hardware > arena to be distinct/discrete hardware. I'm currently routing with MikroTik 2011L and I'm not satisfied at all. I do have just 2 Mbit ADSL and when I tried to limit bandwith of teenagers to 512kbps I've basically put the board down to knees. E.g. it was running, but ping (from me!) went up to several seconds and whole internet was more dead then with teenagers downloading their stuff. This all with up-to-date RouterOS 6.40.6 from Feb 20 2018 to patch latest vulnerabilities in it. So as you have migrated from APU to MikroTik, I plan to do exactly reverse direction as soon as possible with OBSD on top of APU of course...
OpenBGPd Changes from 5.x to 6.2
Did the config for openbgpd change from 5 to 6? I copied a config file over and it complains about a line I have, `softreconfig in yes`. It doesn't show in https://man.openbsd.org/bgpd.conf but https://man.openbsd.org/bgpctl references it. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: Do not give-up on marketing
It sounds more like some people need to get modern messaging platforms and stop making such a big deal out of nothing. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mikko Laine" <mi...@krutt.org> To: r...@protonmail.com Cc: misc@openbsd.org Sent: Sunday, December 3, 2017 10:48:15 AM Subject: Re: Do not give-up on marketing Rupert Gallagher <r...@protonmail.com> wrote: > Finally, the truth behind the aggressive behaviour against me. Some of you > cannot read protonmail posts *because* you read the list through a mail > archive with a substandard implementation of mime encoding. Well, fuck you > and your mail archive. Upgrade, or die slowly. Even if the encoding issue is ignored, your messages still do not conform to the netiquette of this mailing list and make for difficult reading. Please do consider fixing your end.
Re: Do not give-up on marketing
FWIW: It reads just fine in my mail client. I think Mihai needs a better client. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Rupert Gallagher" <r...@protonmail.com> To: "Mihai Popescu" <mih...@gmail.com>, misc@openbsd.org Sent: Saturday, December 2, 2017 1:47:45 PM Subject: Re: Do not give-up on marketing I am afraid I cannot do that. The client app does not include a control panel option. There also seems to be a problem with mime handling by the list's own software. There is nothing I can do. :-( Sent from ProtonMail Mobile On Sat, Dec 2, 2017 at 19:12, Mihai Popescu <mih...@gmail.com> wrote: >> Q2xpY2sgb24gc3RpY2tlcnMuCgpodHRwczovL3d3dy5wYXJhbGxlbGxhLm9y > >> Zy9idXkvCgpEbyB0aGUgc2FtZSBhbmQgYmUgaGFwcHku Man, please quit using that >> encoding of ASCII mail. Many people told you that is useless and it is not >> use by mainstream servers. Please have a try and disable this, you are >> killing the internet email list for nothing ! There is no benefit in using >> that sht. Thanks.
Re: OpenBGPd Templates for IXP Manager
I believe IXP Manager has the pieces in place to work with non-BIRD route servers, but not having implemented an alternative, I can't be confident they're complete. However, a lot of IXP Manager is based on customizable templates, so I would be surprised if it didn't work here too. Thanks for the referral to ARouteServer. It has a lot of features and could be quite useful. It doesn't quite replace IXP Manager doing it natively, but it certainly advances me to my end goal. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Stuart Henderson" <s...@spacehopper.org> To: misc@openbsd.org Sent: Thursday, October 19, 2017 6:19:55 AM Subject: Re: OpenBGPd Templates for IXP Manager On 2017-10-16, Mike Hammett <openbsd-m...@ics-il.net> wrote: > Here's a quick summary for those outside of the IX community. > > OpenBGPd used to be the spine of the IX route server community. Once IXes > like AMS-IX and DE-CIX ran into scaling issues with the number of prefix > filters, a ton of IXes moved with them over to BIRD. Most IXes will never see > the scale that the previously mentioned do. This was around the 2012 > time-frame. Also around the 2012 time-frame INEX released v3 of IXP Manager, > which took off among IXes. It automated many aspects of the IX. > > Despite IXP Manager being fairly open and templated, INEX uses BIRD and > therefore only produces BIRD templates. We went OpenBGPd on OpenBSD for our > IXes due to OpenBSD's reputation for stability and security. Things have been > manual thus far. > > We started a new IX earlier this year, which took advantage of the about to > be released IXP Manager v4. Still only BIRD templates, however Barry > O'Donovan (of INEX) mentioned that Peter Hessler had expressed interest in > working on OpenBGPd templates for IXP Manager. I had reached out to him, but > he's a busy guy and hasn't been able to follow up much. > > I figured with OpenBGPd largely resolving the prefix filter performance > issues that getting templates for IXP Manager would allow IXes to find some > parity in OpenBGPd with BIRD and hopefully win back market share. However, > I'm not a programmer. I Google for what others have done and mash it > together, at least sometimes successfully. I attempted to forge through the > IXP Manager BIRD templates to convert them myself, but once I got to the meat > and potatoes of the config, I was in way over my head. There's PHP logic, > some template system logic, BIRD logic and no understanding from me. > > I came here hoping to come across someone with more time than Peter who can > help me out with this. > > > https://www.inex.ie/pipermail/ixpmanager/2017-January/000905.html > http://ixp-manager.readthedocs.io/en/latest/features/router-configuration.html > > http://ixp-manager.readthedocs.io/en/latest/features/looking-glass.html > https://github.com/inex/IXP-Manager/tree/17b5d36a57f40569c0da4fbb8e4f666d5e62921c/resources/views/api/v4/router > > https://github.com/inex/IXP-Manager/tree/50c3781711ed38e773f86a8f3017d669d18e464d/resources/skins/inex/api/v4/router > I'm unlikely to have any more time than phessler to look at it, but my 2c: there are two separate parts to this work. One is supporting openbgpd in templates, the other is changing things so that IXP Manager has framework in place to work with _any_ non-BIRD daemon. If you don't care about supporting BIRD as well initially, it might be simpler to hack on the existing BIRD templates/scripts (there are some parts in /tools/runtime as well) so they work with openbgpd instead. This makes the task a bit easier than supporting both, and upstream probably have ideas about how to do that integration anyway (but there's not much point in them doing that unless there's some code existing for a non-BIRD route server to make it worthwhile). The following isn't going to help directly with IXP Manager changes (and obviously IXP Manager has a much wider scope than just being a route daemon config generator), but might be of interest to the same people who read this - there's another IXP config generator that *does* handle both BIRD and openbgpd: https://arouteserver.readthedocs.io/
OpenBGPd Templates for IXP Manager
Here's a quick summary for those outside of the IX community. OpenBGPd used to be the spine of the IX route server community. Once IXes like AMS-IX and DE-CIX ran into scaling issues with the number of prefix filters, a ton of IXes moved with them over to BIRD. Most IXes will never see the scale that the previously mentioned do. This was around the 2012 time-frame. Also around the 2012 time-frame INEX released v3 of IXP Manager, which took off among IXes. It automated many aspects of the IX. Despite IXP Manager being fairly open and templated, INEX uses BIRD and therefore only produces BIRD templates. We went OpenBGPd on OpenBSD for our IXes due to OpenBSD's reputation for stability and security. Things have been manual thus far. We started a new IX earlier this year, which took advantage of the about to be released IXP Manager v4. Still only BIRD templates, however Barry O'Donovan (of INEX) mentioned that Peter Hessler had expressed interest in working on OpenBGPd templates for IXP Manager. I had reached out to him, but he's a busy guy and hasn't been able to follow up much. I figured with OpenBGPd largely resolving the prefix filter performance issues that getting templates for IXP Manager would allow IXes to find some parity in OpenBGPd with BIRD and hopefully win back market share. However, I'm not a programmer. I Google for what others have done and mash it together, at least sometimes successfully. I attempted to forge through the IXP Manager BIRD templates to convert them myself, but once I got to the meat and potatoes of the config, I was in way over my head. There's PHP logic, some template system logic, BIRD logic and no understanding from me. I came here hoping to come across someone with more time than Peter who can help me out with this. https://www.inex.ie/pipermail/ixpmanager/2017-January/000905.html http://ixp-manager.readthedocs.io/en/latest/features/router-configuration.html http://ixp-manager.readthedocs.io/en/latest/features/looking-glass.html https://github.com/inex/IXP-Manager/tree/17b5d36a57f40569c0da4fbb8e4f666d5e62921c/resources/views/api/v4/router https://github.com/inex/IXP-Manager/tree/50c3781711ed38e773f86a8f3017d669d18e464d/resources/skins/inex/api/v4/router Thanks. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: QEMU\KCM Guest Agent
Offlist someone recommended I install the QEMU pckage. I'm trying to, but I'm getting dependency errors that I can't seem to resolve. Can't install cairo-1.14.6p1 because of libraries |library fontconfig.10.0 not found | not found anywhere |library freetype.25.0 not found | not found anywhere |library pixman-1.32.6 not found | not found anywhere |library xcb-render.1.0 not found | not found anywhere |library xcb-shm.1.1 not found | not found anywhere - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" <openbsd-m...@ics-il.net> To: misc@openbsd.org Sent: Monday, May 15, 2017 12:05:29 PM Subject: QEMU\KCM Guest Agent I'm looking for the guest agent for QEMU\KVM in OpenBSD, but I'm not having great success. Could someone lend a hand? I'm running 6.0. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
QEMU\KCM Guest Agent
I'm looking for the guest agent for QEMU\KVM in OpenBSD, but I'm not having great success. Could someone lend a hand? I'm running 6.0. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: BGPD.conf Question
*bump* - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Mike Hammett" <openbsd-m...@ics-il.net> Cc: misc@openbsd.org Sent: Wednesday, March 1, 2017 11:09:09 AM Subject: Re: BGPD.conf Question So not useful in a route server qualifying that an inbound route's next hop is the speaker itself. It looks like I can do that with filters, I just wanted to make sure I wasn't missing a better way. ----- Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Stuart Henderson" <s...@spacehopper.org> To: misc@openbsd.org Sent: Wednesday, March 1, 2017 9:04:06 AM Subject: Re: BGPD.conf Question On 2017-03-01, Mike Hammett <openbsd-m...@ics-il.net> wrote: > nexthop qualify via ( bgp | default ) If set to bgp , bgpd(8) may use > BGP routes to verify nexthops. If set to default , bgpd may use the > default route to verify nexthops. By default bgpd will only use static > routes or routes added by other routing daemons like ospfd(8) . > > What is it that this does? This is for step 2 in the route decision process shown in bgpd(8)'s DESCRIPTION section. The nexthop is normally only considered reachable if it's either on a directly connected interface, or where an OSPF or static route points at the nexthop. Having the nexthop for one BGP route reached by the default route or by another BGP route is legal, but would be an unusual and often unwanted configuration.
Re: BGPD.conf Question
So not useful in a route server qualifying that an inbound route's next hop is the speaker itself. It looks like I can do that with filters, I just wanted to make sure I wasn't missing a better way. - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP - Original Message - From: "Stuart Henderson" <s...@spacehopper.org> To: misc@openbsd.org Sent: Wednesday, March 1, 2017 9:04:06 AM Subject: Re: BGPD.conf Question On 2017-03-01, Mike Hammett <openbsd-m...@ics-il.net> wrote: > nexthop qualify via ( bgp | default ) If set to bgp , bgpd(8) may use > BGP routes to verify nexthops. If set to default , bgpd may use the > default route to verify nexthops. By default bgpd will only use static > routes or routes added by other routing daemons like ospfd(8) . > > What is it that this does? This is for step 2 in the route decision process shown in bgpd(8)'s DESCRIPTION section. The nexthop is normally only considered reachable if it's either on a directly connected interface, or where an OSPF or static route points at the nexthop. Having the nexthop for one BGP route reached by the default route or by another BGP route is legal, but would be an unusual and often unwanted configuration.
BGPD.conf Question
nexthop qualify via ( bgp | default ) If set to bgp , bgpd(8) may use BGP routes to verify nexthops. If set to default , bgpd may use the default route to verify nexthops. By default bgpd will only use static routes or routes added by other routing daemons like ospfd(8) . What is it that this does? - Mike Hammett Intelligent Computing Solutions Midwest Internet Exchange The Brothers WISP
Re: OpenBGPd on OpenBSD 5.8 crashing during startup
Another IX using OpenBGPd here and I love seeing development on it and support of it! - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com - Original Message - From: "Thorleif Wiik [BCIX]" <thorleif.w...@bcix.de> To: "Thorleif Wiik [BCIX]" <thorleif.w...@bcix.de>, misc@openbsd.org Sent: Wednesday, November 25, 2015 4:45:52 PM Subject: Re: OpenBGPd on OpenBSD 5.8 crashing during startup Hi, @Claudio : Thanks, I'll send you a private message with a download link for core- and logfile. @Sebastian: Yes, we definitely should keep in touch to help BCIX to stay with OpenBSD and not to fly away... @Peter, Thanks for the tip! As this was a production server and I had to restore the service I installed 5.7 which is working. I'll order another third route server (which was approved today :-) to have a better testing environment with 5.8. Hope it will not last too long with delivery... Thorleif On Wed, Nov 25, 2015 at 9:50 PM, Claudio Jeker <cje...@diehard.n-r-g.com> wrote: > On Wed, Nov 25, 2015 at 05:08:27PM +0100, Thorleif Wiik [BCIX] wrote: > > Hi, > > > > OpenBGPd on OpenBSD 5.8 (with all patches applied) is crashing during > > startup. > > > > On a second box with 5.7 and the same hardware/configuration there are no > > problems. > > OpenBGPd is configured as route-server with 118 v4/v6 peers and about > 35300 > > IPv4 > > and 14800 IPv6 routes. > > > > > > Any tips for configuration changes to prevent this on 5.8? > > Something in the session engine corrupted some memory, now the question is > what. Is it possible to get a backtrace of the session engine? > See sysctl(8) at the bottom on how to use kern.nosuidcoredump=3 to get a > core file. > > Wonder if the SE is printing something before it explodes. Is it possible > to get more of the log? > > The poll fd errors are a red herring because this is a case where errno is > not previously set and so it should not print it. See diff at the end of > this mail. > > > Nov 25 13:41:41 route-server bgpd[22856]: startup > > Nov 25 13:41:41 route-server bgpd[22856]: rereading config > > Nov 25 13:41:41 route-server bgpd[30006]: route decision engine ready > > Nov 25 13:43:34 route-server bgpd[30006]: RDE reconfigured > > > > .. many many prefixes > > > > Nov 25 13:45:45 route-server bgpd[30006]: handle_pollfd: poll fd: No > buffer > > space available > > Nov 25 13:45:45 route-server bgpd[30006]: RDE: Lost connection to SE > > Nov 25 13:45:46 route-server bgpd[30006]: handle_pollfd: poll fd: No > buffer > > space available > > Nov 25 13:45:46 route-server bgpd[30006]: RDE: Lost connection to SE > control > > Nov 25 13:45:46 route-server bgpd[22856]: handle_pollfd: poll fd: Invalid > > argument > > Nov 25 13:45:46 route-server bgpd[22856]: main: Lost connection to SE > > Nov 25 13:45:46 route-server bgpd[22856]: Lost child: session engine > > terminated; signal 11 > > Nov 25 13:45:46 route-server bgpd[30006]: route decision engine exiting > > > > > > > > Thanks, Thorleif > > > > > > -- > > Thorleif Wiik, CTO > > thorleif.w...@bcix.de > > > > Tel: +49 160 90378641 > > > > BCIX Management GmbH / BCIX e.V. > > Stromstrasse 5 > > 10555 Berlin - Germany > > > > http://www.bcix.de/ > > https://twitter.com/bcix <http://twitter.com/bcix> > > https://www.facebook.com/BCIX.Internet.Exchange > > > > -- > :wq Claudio > > > Index: bgpd.c > === > RCS file: /cvs/src/usr.sbin/bgpd/bgpd.c,v > retrieving revision 1.182 > diff -u -p -r1.182 bgpd.c > --- bgpd.c 20 Nov 2015 23:26:08 - 1.182 > +++ bgpd.c 25 Nov 2015 20:47:34 - > @@ -903,21 +903,21 @@ handle_pollfd(struct pollfd *pfd, struct > > if (pfd->revents & POLLOUT) > if (msgbuf_write(>w) <= 0 && errno != EAGAIN) { > - log_warn("handle_pollfd: msgbuf_write error"); > + log_warn("imsg write error"); > close(i->fd); > i->fd = -1; > return (-1); > } > > if (pfd->revents & POLLIN) { > - if ((n = imsg_read(i)) == -1) { > - log_warn("handle_pollfd: imsg_read error"); > + if ((n = imsg_read(i)) == -1 && errno != EAGAIN) { > + log_warn("imsg read error"); > close(i->fd); > i->fd = -1; > return (-1); > } > - if (n == 0) { /* connection closed */ > - log_warn("handle_pollfd: poll fd"); > + if (n == 0) { > + log_warnx("peer closed imsg connection"); > close(i->fd); > i->fd = -1; > return (-1); > -- Thorleif Wiik, CTO thorleif.w...@bcix.de Tel: +49 160 90378641 BCIX Management GmbH / BCIX e.V. Stromstrasse 5 10555 Berlin - Germany http://www.bcix.de/ https://twitter.com/bcix <http://twitter.com/bcix> https://www.facebook.com/BCIX.Internet.Exchange
OpenBGPd SNMP
Are there any packages out there that expose OpenBGPd or other OpenBSD parameters via SNMP? Would like to check generic health of the system, number of routes, number of peers, number of routes per peer, etc. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com
OpenBGPd Route Server not doing anything
I'm waiting for the client to verify (again) that their route server configurations are the same, but I've got a network that's peered with two route servers in v4 and v6. Their advertisements are being seen in v4 on both RSes and in v6 on one RS. Here's the problem peer: v6BridgeMaxx 63060 279 253 0 10w0d16h Active I have done a bgpctl log verbose to try to get more information from my side. I was looking in /var/log/messages. Is that where I should be looking? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com
OpenBGPd Version
Is it simply whatever version the OS is now? I didn't see any version switch on the daemon. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest Internet Exchange http://www.midwest-ix.com
Re: OpenBGPd Route Server
I would love to have the problem of having so many customers, prefixes and filters that the route server becomes a performance issue. That means the IX has become successful. I know AMS-IX was one that switched from OpenBGPd. They've got somewhere between 600 and 800 networks on the IX. Currently, one building we're in only has 22 networks present. I'm not sure I'll ever hit the issues AMS-IX had. I had seen some complaints about OpenBGPd for IX RS usage, but they were all 2009 - 2011 area. I had assumed the most egregious of them had been fixed by now. Over time I expect I'll implement increasingly advanced configurations, such as separate RIBs per peer. At the suggestion of separate instances of OpenBGPd for v4 and v6, one could very well do a different VM for v4 and v6. I did know to get a 16 bit ASN. Is the 32 bit communities issue an OpenBGPd development issue or a lack of standards\precedent issue? Or, well, I guess something else. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Stuart Henderson s...@spacehopper.org To: misc@openbsd.org Sent: Thursday, April 16, 2015 1:48:29 AM Subject: Re: OpenBGPd Route Server On 2015-04-15, Mike Hammett openbsd-m...@ics-il.net wrote: With the decline of OpenBGPd's popularity among IXPs, it's difficult to track down examples of how IXPs are configuring their servers. I saw a couple presentations in the 2010 - 2011 timeframe with new things that were coming for 32 bit communities among other things. Common IXP setup is to use transparent-as, and to support fine control of where routes are sent by tagging with communities. The latter requires using separate RIBs per peer (when a filter prevents the route server's best route from being sent to a particular peer you want another route to be sent instead). AFAIK most IXPs that stopped using OpenBGPd did so because of slow convergence times when filtering many routes. Prior to doing this, the one that I know about had already split to separate daemon instances for v4 and v6 to spread the work amongst more cores. They ran into some other problems (debuggable/fixable) but that was the killer. Current best practice for 32 bit communities is if you're doing communities-based filtering, hand back the ASN and exchange it for a 16 bit one. Seriously. There are extended communities but they suffer the IPv6 problem of changing too much, plus they don't even solve the problem (they're 16 + 32 bit, where what is needed is 32 + 32 bit).
Re: OpenBGPd Route Server
What do you have $my_ip4_net and $my_ip6_net set to? I assume the IPv4 and IPv6 blocks that the IX is using? - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Hrvoje Popovski hrv...@srce.hr To: misc@openbsd.org Sent: Wednesday, April 15, 2015 4:34:19 AM Subject: Re: OpenBGPd Route Server On 15.4.2015. 5:23, Mike Hammett wrote: With the decline of OpenBGPd's popularity among IXPs, it's difficult to track down examples of how IXPs are configuring their servers. I saw a couple presentations in the 2010 - 2011 timeframe with new things that were coming for 32 bit communities among other things. I have a route server config that is functional, but I'm sure I'm missing out on things. Anything out there on current best practices for this situation? What I have I pieced together from an AMS-IX presentation and a forum\mailing list thread. Well, and the sample config. Hi, I hope that this configuration will be good enough as a starting point AS $my_as router-id $my_ip4 listen on $my_ip4 listen on $my_ip6 holdtime 180 holdtime min 3 fib-update no log updates nexthop qualify via bgp transparent-as yes socket /var/www/run/bgpd.rsock restricted group rsip4 { local-address $my_ip4 announce IPv6 none announce IPv4 unicast set nexthop no-modify enforce neighbor-as yes announce all #first_peer - IP4 neighbor $first_peer_ip4 { remote-as $first_peer_as tcp md5sig password somepassword41 max-prefix 1024 restart 5 #optional passive } #second_peer - IP4 neighbor $second_peer_ip4 { remote-as $second_peer_as tcp md5sig password somepassword42 max-prefix 1024 restart 5 #optional passive } } group rsip6 { local-address my_ip6 announce IPv6 unicast announce IPv4 none set nexthop no-modify enforce neighbor-as yes announce all #first_peer - IP6 neighbor $first_peer_ip6 { remote-as $first_peer_as tcp md5sig password somepassword61 max-prefix 1024 restart 5 #optional passive } #second_peer - IP6 neighbor $second_peer_ip6 { remote-as $second_peer_as tcp md5sig password somepassword62 max-prefix 1024 restart 5 #optional passive } ... } deny from any inet prefixlen 8 24 deny from any inet6 prefixlen 16 48 deny from any prefix 0.0.0.0/0 deny from any prefix 0.0.0.0/8 prefixlen = 8 # 'this' network [RFC1122] deny from any prefix 10.0.0.0/8 prefixlen = 8 # private space [RFC1918] deny from any prefix 100.64.0.0/10 prefixlen = 10 # CGN Shared [RFC6598] deny from any prefix 127.0.0.0/8 prefixlen = 8 # localhost [RFC1122] deny from any prefix 169.254.0.0/16 prefixlen = 16 # link local [RFC3927] deny from any prefix 172.16.0.0/12 prefixlen = 12 # private space [RFC1918] deny from any prefix 192.0.2.0/24 prefixlen = 24 # TEST-NET-1 [RFC5737] deny from any prefix 192.168.0.0/16 prefixlen = 16 # private space [RFC1918] deny from any prefix 198.18.0.0/15 prefixlen = 15 # benchmarking [RFC2544] deny from any prefix 198.51.100.0/24 prefixlen = 24 # TEST-NET-2 [RFC5737] deny from any prefix 203.0.113.0/24 prefixlen = 24 # TEST-NET-3 [RFC5737] deny from any prefix 224.0.0.0/4 prefixlen = 4 # multicast deny from any prefix 240.0.0.0/4 prefixlen = 4 # reserved deny from any prefix ::/0 deny from any prefix ::/8 prefixlen = 8 deny from any prefix 0100::/64 prefixlen = 64 # Discard-Only [RFC] deny from any prefix 2001:2::/48 prefixlen = 48 # BMWG [RFC5180] deny from any prefix 2001:10::/28 prefixlen = 28 # ORCHID [RFC4843] deny from any prefix 2001:db8::/32 prefixlen = 32 # docu range [RFC3849] deny from any prefix 3ffe::/16 prefixlen = 16 # old 6bone deny from any prefix fc00::/7 prefixlen = 7 # unique local unicast deny from any prefix fe80::/10 prefixlen = 10 # link local unicast deny from any prefix fec0::/10 prefixlen = 10 # old site local unicast deny from any prefix ff00::/8 prefixlen = 8 # multicast # match any with community match from any set community $my_as:65000 # community politics deny to { group rsip4, group rsip6 } community $my_as:65000 deny to { group rsip4, group rsip6 } community 0:$my_as allow to { group rsip4, group rsip6} community $my_as:$my_as deny to { group rsip4, group rsip6 } community 0:neighbor-as allow to { group rsip4, group rsip6 } community $my_as:neighbor-as match to group rsip4 prefix my_ip4_net set prepend-self 1 match to group rsip6 prefix my_ip6_net set prepend-self 1
OpenBGPd Route Server
With the decline of OpenBGPd's popularity among IXPs, it's difficult to track down examples of how IXPs are configuring their servers. I saw a couple presentations in the 2010 - 2011 timeframe with new things that were coming for 32 bit communities among other things. I have a route server config that is functional, but I'm sure I'm missing out on things. Anything out there on current best practices for this situation? What I have I pieced together from an AMS-IX presentation and a forum\mailing list thread. Well, and the sample config. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com