Jul 232011
 

This is my first post and also the first post of a series that it deals with simple configuration examples on implementing IPv4/IPv6 Dual Stack BGP on Open Source Routing platforms, these configurations are only the basics to help you get Dual Stack up on your network. The post have the intention of giving informations on how to configure OpenBGPD. I will not explain tha basics of OpenBSD’s networking like installation or interface configuration etc, i will just give you the complete solution to get it running, maybe later i will make a post about these basics but i think the official FAQ is enough.

OpenBGPD

In my opinion OpenBSD with OpenBGPD and/or OpenOSPFD is the most rock-solid stable open source solution out there but this ofcourse is my point of view, both stable and easy to use, and it comes with the world’s best man pages, so use this only as starting point if you man bgpd.conf all configuration options are there very clear, if you dont see a feature on this man page then OpenBGPD doesnt support the feature at all, this is the cost to stay stable i think. I am running a number of production servers with OpenBSD and OpenBGPD but i dont use Dual Stack yet so i havent tested such configuration in the real world.

Lets go straight to lab informations.

ISP router details:

AS: 1000

IPv4 network: 10.0.0.0/8

IPv6 network: fc00::/32

Peering Interface: f0/1

Peering address IPv4: 10.0.0.1/30

Peering address IPv6: fc00::1:1/126

OpenBGPD router details:

AS: 100

IPv4 network: 192.168.0.0/21

IPv6 network: fc00:1::/32

Peering Interface: em0

Peering address IPv4: 10.0.0.2/30

Peering address IPv6: fc00::1:2/126

The configuration of OpenBGPD to announce our networks and learn our ISP’s networks is as follow:

# cat /etc/bgpd.conf
# Global configuration
AS 100
router-id 10.0.0.2

# Our Address Space
network 192.168.0.0/21
network fc00:1::/32

# IPv4 Peers
neighbor 10.0.0.1 {
        remote-as       1000
        descr           UpstreamIPv4
        local-address   10.0.0.2
        announce        IPv4 unicast
}

# IPv6 Peers
neighbor fc00::1:1 {
        remote-as       1000
        descr           UpstreamIPv6
        local-address   fc00::1:2
        announce        IPv6 unicast
}

OpenBSD by default doesnt forwards traffic so we have to turn on forwarding for IPv4 and IPv6 this can be done from the console with the following commands:

# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1
# sysctl net.inet6.ip6.forwarding=1
net.inet6.ip6.forwarding: 1 -> 1

if you want to start forwarding at boot you must change the above values on /etc/sysctl.conf as shown below.

#       $OpenBSD: sysctl.conf,v 1.49 2011/02/16 10:37:45 mikeb Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1        # 1=Permit forwarding (routing) of IPv4 packets
#net.inet.ip.mforwarding=1      # 1=Permit forwarding (routing) of IPv4 multicast packets
#net.inet.ip.multipath=1        # 1=Enable IP multipath routing
#net.inet.icmp.rediraccept=1    # 1=Accept ICMP redirects
#net.inet6.icmp6.rediraccept=0  # 0=Don't accept IPv6 ICMP redirects
net.inet6.ip6.forwarding=1      # 1=Permit forwarding (routing) of IPv6 packets
#net.inet6.ip6.mforwarding=1    # 1=Permit forwarding (routing) of IPv6 multicast packets
#net.inet6.ip6.multipath=1      # 1=Enable IPv6 multipath routing
#net.inet6.ip6.accept_rtadv=1   # 1=Permit IPv6 autoconf (forwarding must be 0)
...
...
...

Next we need to start BGP daemon, this can be done from console with the following command:

# bgpd

if you want to start bgpd at boot you must change the below line on the file /etc/rc.local

# more /etc/rc.conf | grep bgpd
bgpd_flags=""           # for normal use: ""

Verify Commands:

# bgpctl show
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
UpstreamIPv6             1000          8          3     0 00:00:28      4
UpstreamIPv4             1000          8          3     0 00:00:28      4

shows us our neighbors their uptime and received prefixes numbers.

# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
*>    10.0.0.0/8           10.0.0.1           100     0 1000 i
AI*>  192.168.0.0/21       0.0.0.0            100     0 i
      192.168.0.0/21       10.0.0.1           100     0 1000 100 i
*>    192.168.8.0/21       10.0.0.1           100     0 1000 200 i
*>    192.168.16.0/21      10.0.0.1           100     0 1000 300 i
*>    fc00::/32            fc00::1:1          100     0 1000 i
AI*>  fc00:1::/32          ::                 100     0 i
      fc00:1::/32          fc00::1:1          100     0 1000 100 i
*>    fc00:2::/32          fc00::1:1          100     0 1000 200 i
*>    fc00:3::/32          fc00::1:1          100     0 1000 300 i

shows us all routes received from our neigbors and they are added to our RIB it also shows our announced prefixes.

# bgpctl show fib bgp
flags: * = valid, B = BGP, C = Connected, S = Static
       N = BGP Nexthop reachable via this route
       r = reject route, b = blackhole route

flags prio destination          gateway
*B      48 10.0.0.0/8           10.0.0.1
*B      48 192.168.8.0/21       10.0.0.1
*B      48 192.168.16.0/21      10.0.0.1
*B      48 fc00::/32            fc00::1:1
*B      48 fc00:2::/32          fc00::1:1
*B      48 fc00:3::/32          fc00::1:1

show us routes selected from bgp daemon and they are placed to the kernel’s routing table or Forwarding Table.

Thats all for OpenBGPD configuration, i am not an OpenBGPD or OpenBSD master so i will be very glad to receive feedback from you about any mistakes i have done in this post or recommendations.

  6 Responses to “IPv4/IPv6 Dual Stack BGP Configuration: Part 1 – OpenBGPD”

  1. Hi man,

    First, congratulations for your great howto webpage.
    That was the better page that i found on web.

    I work on an ISP on Brazil and today we are routing with Mikrotik Routers. They are awesome, but our traffic are increasing, and for this we are looking for other stable solution.
    For this, I’m starting to learn/create a router with OpenBSD + OpenBGPD.

    Your example was fantastic, but I have one question. You don’t use the 2 NICs on your OpenBGPD router? One connected on ISP, and other connected on your switch?
    My question is because your example presents Peering Interface: f0/1. This is a Cisco name interface (correct?). How is your topology?

    I appreciated if you could help.

    • Hello Urik, OpenBSD will do the best job when it comes to routing, in this example i am describing just the peering interface between 2 routers, OpenBGPD to Cisco for the BGP Peering.

  2. Thanks for your guide, it helped me; question do you know who to announce prefix to neighbor with community string attach?

    Thanks,

    • Hello motty, im glad my post helps people even some years later, ofcourse you can set community to outgoing prefixes, you must use the match statement to match the prefix and then add your communities,

      Example:
      match to any prefix 10.10.10.0/24 set community 65000:100

      for any extra information you can read the bgpd.conf manual page these manuals are awesome.

  3. Nice Post!! It would be great, if you could make additional blog posts in sharing your knowledge on Openbgpd.

    Thanks, Your post is useful for me. 🙂

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)