Re: Best Linux (or BSD) hosted BGP?

On 5/11/23 07:28, Blake Dunlap wrote: I'm confused here, are you intentionally running larger MTU interfaces than the packet filter can handle with default config, and not wanting to change the tunable to fix the config for buffer size for the packet filter, or am I misreading? So I've

Re: Best Linux (or BSD) hosted BGP?

I use bird2 with Debian11 sometimes, I'm curious, what is the usual hardware for using Linux as a router? In addition, the Linux ip rule seems to have a problem with the matching of the ipv4 source address. . . *Brandon Zhi* HUIZE LTD www.huize.asia | www.ixp.su | Twitter

Re: Best Linux (or BSD) hosted BGP?

I'm confused here, are you intentionally running larger MTU interfaces than the packet filter can handle with default config, and not wanting to change the tunable to fix the config for buffer size for the packet filter, or am I misreading? On Wed, May 10, 2023 at 11:51 PM Mark Tinka wrote: > >

Re: Best Linux (or BSD) hosted BGP?

On 5/10/23 15:55, Tom Beecher wrote:  That could just as easily happen today. Every OS release has all kinds of changes to defaults, and frequently don't get caught until they break something. Even if today's FreeBSD defaults worked for this scenario, the next release could change to a

Re: Best Linux (or BSD) hosted BGP?

> > or if future FreeBSD updates decide to "go their own > way"... yes. > That could just as easily happen today. Every OS release has all kinds of changes to defaults, and frequently don't get caught until they break something. Even if today's FreeBSD defaults worked for this scenario, the next

Re: Best Linux (or BSD) hosted BGP?

> > No, but it's brittle. A workaround, not a solution. Likely to break > during future maintenance. "Unpredictable" as Mark put it. > > Nothing a routing daemon does should involve the kernel BPF. The next > sysadmin won't be expecting it. Not sure I agree. Implemented defaults may not be

Re: Best Linux (or BSD) hosted BGP?

On 5/10/23 03:40, Tom Beecher wrote: Adjusting a single tunable is 'onerous'? Ok. In the context of long term administration of the environment, years after everybody has forgotten about the hack, or worse, folk leave and others take over; or if future FreeBSD updates decide to "go

Re: Best Linux (or BSD) hosted BGP?

- Original Message - > From: "William Herrin" > On Tue, May 9, 2023 at 6:40 PM Tom Beecher wrote: >>> The implication being that while it might work, it would make >>> administration of >>> the system onerous and unpredictable, considering we are dealing with a ton >>> of >>> FreeBSD

Re: Best Linux (or BSD) hosted BGP?

On Tue, May 9, 2023 at 6:40 PM Tom Beecher wrote: >> The implication being that while it might work, it would make administration >> of the system onerous and unpredictable, considering we are dealing with a >> ton of FreeBSD installations, and not just a single server. > > Adjusting a single

Re: Best Linux (or BSD) hosted BGP?

> > The implication being that while it might work, it would make > administration of the system onerous and unpredictable, considering we are > dealing with a ton of FreeBSD installations, and not just a single server. > Adjusting a single tunable is 'onerous'? Ok. On Tue, May 9, 2023 at 9:00 

Re: Best Linux (or BSD) hosted BGP?

On 5/9/23 14:32, Tom Beecher wrote: Except you didn't exactly "call out limitations". You simply said : IS-IS in Quagga and FRR are not yet ready for business, is what I would caution. The reality is that's not true. And just a few weeks prior, I had given an update about

Re: Best Linux (or BSD) hosted BGP?

> > I think we all appreciate how open source projects work. Calling out > their limitations is as old as mailing lists. I don't code. I test a > lot, and continue to test IS-IS in FRR on FreeBSD every year or so. I'll > keep testing and giving feedback at least once or twice a year. If it's >

Re: Best Linux (or BSD) hosted BGP?

On 5/9/23 00:03, Jeff Tantsura wrote: Saying that IS-IS in FRR is broken is incorrect, that it is in many ways weird - no offense to folks who coded it :) (especially if you have worked with commercial code bases), that it doesn’t scale/naive, missing features - for sure. FRR runs today

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 22:52, William Herrin wrote: Hi Mark, I'm not sure I'd call bugs that don't appear when running FRR on Linux (only FreeBSD), "not yet ready for business." Or did I misunderstand your bug report? Don't get me wrong: if you tell me it's not right until it works without

Re: Best Linux (or BSD) hosted BGP?

Saying that IS-IS in FRR is broken is incorrect, that it is in many ways weird - no offense to folks who coded it :) (especially if you have worked with commercial code bases), that it doesn’t scale/naive, missing features - for sure. FRR runs today some of the biggest DCs in the world and

Re: Best Linux (or BSD) hosted BGP?

All fixed (thanks Donald) CVE-2022-40302 and CVE-2022-40318: https://github.com/FRRouting/frr/pull/12043 CVE-2022-43681: https://github.com/FRRouting/frr/pull/12247 Cheers, Jeff > On May 3, 2023, at 2:52 AM, Hank Nussbacher wrote: > > On 02/05/2023 17:56, Warren Kumari wrote: > > For those

Re: Best Linux (or BSD) hosted BGP?

On Wed, May 3, 2023 at 9:04 PM Mark Tinka wrote: > IS-IS in Quagga and FRR are not yet ready for business, is what I would > caution. Hi Mark, I'm not sure I'd call bugs that don't appear when running FRR on Linux (only FreeBSD), "not yet ready for business." Or did I misunderstand your bug

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 18:45, Mark Tinka wrote: On 5/8/23 15:44, Bryan Holloway wrote: You said, "IS-IS in Quagga and FRR are not yet ready for business, ..." Not ready for business in what way? Performance? Cross-vendor compatibility? Features? Or did I misunderstand your statement? Broken when

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 18:45, Mark Tinka wrote: Broken when talking to Cisco IOS XE. Catalogued here: https://lists.frrouting.org/pipermail/frog/2023-March/001265.html I have no doubt FRR can talk IS-IS to other instances of FRR, but that is not a realistic scenario in a large scale network with

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 15:44, Bryan Holloway wrote: You said, "IS-IS in Quagga and FRR are not yet ready for business, ..." Not ready for business in what way? Performance? Cross-vendor compatibility? Features? Or did I misunderstand your statement? Broken when talking to Cisco IOS XE. Catalogued

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 07:03, Mark Tinka wrote: On 5/8/23 00:22, Bryan Holloway wrote: Curious to hear more specifics about your IS-IS assertion. We've been running it on FRR for some time without incident, but I'll concede that we don't do very much with it other than saying, "hey -- we're here;

Re: Best Linux (or BSD) hosted BGP?

On 5/8/23 00:22, Bryan Holloway wrote: Curious to hear more specifics about your IS-IS assertion. We've been running it on FRR for some time without incident, but I'll concede that we don't do very much with it other than saying, "hey -- we're here; oh, and you're there." Talking to

Re: Best Linux (or BSD) hosted BGP?

Curious to hear more specifics about your IS-IS assertion. We've been running it on FRR for some time without incident, but I'll concede that we don't do very much with it other than saying, "hey -- we're here; oh, and you're there." On 5/4/23 06:04, Mark Tinka wrote: On 5/4/23 00:51,

Re: Best Linux (or BSD) hosted BGP?

On 5/4/23 00:51, Matt Corallo wrote: Lots of replies saying which of BIRD/exabgp/frr/quagga/openbgpd folks prefer, but they're all pretty good. Honestly for such a project they're all just as great, it comes down mostly to what you're used to config-wise. Used to big metal router

Re: Best Linux (or BSD) hosted BGP?

No argument there at all. Just felt like there was enough FUD in that link it was worth calling out that specific. On Wed, May 3, 2023 at 2:39 PM Glenn Kelley wrote: > Tom - you are correct > > Of course - who keeps things like BGP Route Servers and FRR up to date - > > cough cough > > > Glenn

Re: Best Linux (or BSD) hosted BGP?

Lots of replies saying which of BIRD/exabgp/frr/quagga/openbgpd folks prefer, but they're all pretty good. Honestly for such a project they're all just as great, it comes down mostly to what you're used to config-wise. Used to big metal router configuration? You might find BIRD foreign. Used to

Re: Best Linux (or BSD) hosted BGP?

I just checked the Cisco IOS-XR code. It's not vulnerable to any of the 3 flaws listed in the below linked hackernews article. Kind Regards, Jakob Date: Wed, 3 May 2023 12:52:46 +0300 From: Hank Nussbacher On 02/05/2023 17:56, Warren Kumari wrote: For those that like FRR:

Re: Best Linux (or BSD) hosted BGP?

Tom - you are correct Of course - who keeps things like BGP Route Servers and FRR up to date - cough cough Glenn S. Kelley, I am a Connectivity.Engineer Text and Voice Direct: 740-206-9624 a Division of CreatingNet.Works IMPORTANT: The contents of this email and any attachments are

Re: Best Linux (or BSD) hosted BGP?

> > For those that like FRR: > https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html All 3 of those CVEs look like they were fixed and backported into 8.2 through 8.4 at least 6 months ago. On Wed, May 3, 2023 at 5:54 AM Hank Nussbacher wrote: > On 02/05/2023 17:56,

Re: Best Linux (or BSD) hosted BGP?

On 02/05/2023 17:56, Warren Kumari wrote: For those that like FRR: https://thehackernews.com/2023/05/researchers-uncover-new-bgp-flaws-in.html Regards, Hank +lots. I've used a number of Linux routing thingies (BIRD, Quagga, VyOS/Ubiquiti, OpenBGPd, ExBGP), and FRR is (for me at least) by

Re: Best Linux (or BSD) hosted BGP?

+lots. I've used a number of Linux routing thingies (BIRD, Quagga, VyOS/Ubiquiti, OpenBGPd, ExBGP), and FRR is (for me at least) by far the friendliest. It's trivial to spin this up on a cloud VM and start announcing a prefix. For doing something like Anycast though (where you are mostly just

Re: Best Linux (or BSD) hosted BGP?

Hi, Bryan You wrote: > I know best subjective, but I'm looking at a project to announce some IP space > that's between uses now and see what's there. I'm planing to run a flow > logger and ntop on the VM and see what is coming in if anything. I'm looking > at the options for BGP out there, and

Re: Best Linux (or BSD) hosted BGP?

Hi! I like VyOS or FRR (both in Debian Linux). Regards, Uesley Corrêa - Analista de Telecomunicaciones CEO Telecom Consultoria, Entrenamiento y Servicios CEO Telecom Fiber Solutions On Mon, May 1, 2023 at 3:58 PM Mark Tinka wrote: > > > On 5/1/23 20:04, Tomas Jonsson wrote: > > > VyOS uses

Re: Best Linux (or BSD) hosted BGP?

Agreed with Mark, used pfSense running FRR a few months ago without issues. - Charlie From: NANOG on behalf of Mark Tinka Sent: 01 May 2023 08:55 PM To: nanog@nanog.org Subject: Re: Best Linux (or BSD) hosted BGP? On 5/1/23 20:04, Tomas Jonsson wrote

Re: Best Linux (or BSD) hosted BGP?

Hi Bryan, Openbsd project has openbgpd built right in. Simple and security-minded implementation. Presentations: https://www.openbgpd.org/papers.html Testimonials: https://www.openbgpd.org/users.html Regards, Nick -- Confidentiality Notice: This E-mail message, including any attachments, is

Re: Best Linux (or BSD) hosted BGP?

On 5/1/23 20:04, Tomas Jonsson wrote: VyOS uses FRR, but they used to run quagga. And most bsd(?)/linux package managers has frr in their repository so maybe that could be something to look at? pfSense running FRR is a pretty solid BGP router. Mark.

Re: Best Linux (or BSD) hosted BGP?

I think FRR is a fork of Quagga. On Mon, May 1, 2023 at 2:04 PM Tomas Jonsson wrote: > VyOS uses FRR, but they used to run quagga. > > And most bsd(?)/linux package managers has frr in their repository so > maybe that could be something to look at? > > > On 23/05/01 13:27, Josh Luthman wrote: >

Re: Best Linux (or BSD) hosted BGP?

VyOS uses FRR, but they used to run quagga. And most bsd(?)/linux package managers has frr in their repository so maybe that could be something to look at? On 23/05/01 13:27, Josh Luthman wrote: Doesn't VyOS simply use Quagga? On Mon, May 1, 2023 at 12:09 PM Jean Franco wrote: Hi, VyOS

Re: Best Linux (or BSD) hosted BGP?

https://frrouting.org/ On Mon, May 1, 2023 at 2:28 PM Josh Luthman wrote: > Doesn't VyOS simply use Quagga? > > On Mon, May 1, 2023 at 12:09 PM Jean Franco wrote: > >> Hi, >> >> VyOS >> >> Best regards, >> >> On Mon, May 1, 2023 at 1:03 PM Bryan Fields >> wrote: >> >>> I know best subjective,

Re: Best Linux (or BSD) hosted BGP?

On Mon, May 1, 2023 at 9:01 AM Bryan Fields wrote: > I know best subjective, but I'm looking at a project to announce some IP space > that's between uses now and see what's there. I'm planing to run a flow > logger and ntop on the VM and see what is coming in if anything. I'm looking > at the

Re: Best Linux (or BSD) hosted BGP?

Doesn't VyOS simply use Quagga? On Mon, May 1, 2023 at 12:09 PM Jean Franco wrote: > Hi, > > VyOS > > Best regards, > > On Mon, May 1, 2023 at 1:03 PM Bryan Fields wrote: > >> I know best subjective, but I'm looking at a project to announce some IP >> space >> that's between uses now and see

Re: Best Linux (or BSD) hosted BGP?

I run BIRD on Ubuntu and it works well. Feel free to reach out off list Bryan if you want some examples of a basic configThank you,Michael SpearsOn May 1, 2023 12:01 PM, Bryan Fields wrote:I know best subjective, but I'm looking at a project to announce some IP space that's between uses now and

Re: Best Linux (or BSD) hosted BGP?

Hi, VyOS Best regards, On Mon, May 1, 2023 at 1:03 PM Bryan Fields wrote: > I know best subjective, but I'm looking at a project to announce some IP > space > that's between uses now and see what's there. I'm planing to run a flow > logger and ntop on the VM and see what is coming in if

Best Linux (or BSD) hosted BGP?

I know best subjective, but I'm looking at a project to announce some IP space that's between uses now and see what's there. I'm planing to run a flow logger and ntop on the VM and see what is coming in if anything. I'm looking at the options for BGP out there, and there's quite a few (other