OpenBGPD Quick

There aren't many examples of OpenBGPD/OpenOSPFD configurations out there yet. Here's one for one of the simplest setups: connecting one end-user site to two ISPs.

Topology
Our site, which is Aatrix, connects to two ISPs, Midco and Invisimax. Invisimax has two upstream providers, Midco and Halstad Telephone Company (HTC). I want to advertise our network only through Invisimax's link to HTC, because it balances the incoming traffic more evenly between our links. To support this, Invisimax declared two BGP communities. When we advertise without a community attribute, the advertisement goes out both of their links; when we advertise with community 16739:501, Invisimax blocks our advertisement to HTC; and when we advertise with community 16739:502, Invisimax blocks our advertisement to Midco. When we advertise to Midco, we never add a community attribute.

We have two routers. Each has an interface connected to our edge network, which is 96.3.203.240/28 on vlan1750. Router0 has an interface connected to Midco, and Router1 has an interface connected to Invisimax. These routers use CARP to present a virtual IP for other hosts on 96.3.205.240/28 to use as their default route. Firewalls protecting our other networks have IPs on our edge network and simply use .241 for the default route. Alternatively, they could join OSPF, but a CARP IP seems to work just as well.

Note that bgpd and ospfd communicate with each other to populate the routing table. Using bgpd without ospfd will not work. But ospfd has an extremely simple configuration, so just go with it.

Operation
 * To restart bgpd and ospfd:

    /etc/rc.d/bgpd stop
    /etc/rc.d/ospfd stop
    /etc/rc.d/bgpd start
    /etc/rc.d/ospfd start

 * Typical summary:

    # bgpctl show summary
    Neighbor                  AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
    AATRIXv4              394490     462291     720036     0 00:35:14 576184
    MIDCO-NETv4            11232     296002       2315     0 19:16:39 568487

 * To show all learned routes:

    bgpctl show rib | less

 * To show just routes for Midco's /16 or longer:

    bgpctl show rib 96.3.0.0/16 all

 * To show routes with detail such as communities:

    bgpctl show rib detail | less

hostname.vlan1750

    inet 96.3.205.242 255.255.255.240 NONE vlan 1750 vlandev trunk0
    !route add -net 96.3.205.0/24 -gateway 127.0.0.1 -blackhole

hostname.carp1750

    inet 96.3.205.241 255.255.255.240 NONE vhid 241 pass xxx carpdev vlan1750 advskew 50

ospfd.conf

    router-id 96.3.203.122
    redistribute connected
    area 0.0.0.0 {
        interface vlan1750
    }

bgpd.conf

    AS 394490
    router-id 96.3.203.122
    connect-retry 10
    # log updates

    network 96.3.205.0/24
    # network inet static

    neighbor 96.3.203.121 {
        remote-as 11232
        descr MIDCO-NETv4
        local-address 96.3.203.122
        announce self
    }

    neighbor 96.3.205.243 {
        remote-as 394490
        descr AATRIXv4
        local-address 96.3.205.242
        announce all
    }

    # Last match wins.
    allow from any
    allow to any
    deny from any prefix 0.0.0.0/0
    deny from any prefix 0.0.0.0/8 or-longer
    deny from any prefix 10.0.0.0/8 or-longer
    deny from any prefix 127.0.0.0/8 or-longer
    deny from any prefix 169.254.0.0/16 or-longer
    deny from any prefix 172.16.0.0/12 or-longer
    deny from any prefix 192.0.2.0/24 or-longer
    deny from any prefix 192.168.0.0/16 or-longer
    deny from any prefix 224.0.0.0/4 or-longer
    deny from any prefix 240.0.0.0/4 or-longer

    match to 96.3.203.121 set {prepend-self 1}

    # Nudge some networks to route away from Midco, since otherwise nearly all go this way.
    match from 96.3.203.121 prefix 0.0.0.0/1 or-longer set {localpref 90}
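
The inbound filter above can be traced offline. The following Python sketch is an added example, not part of the original configuration or of OpenBGPD: it replays the "from" rules of this bgpd.conf with last-match-wins semantics against constructed sample prefixes. The starting local preference of 100 and the helper names parse and evaluate are assumptions of the example.

```python
import ipaddress
import re

# Inbound ("from") rules copied from the bgpd.conf above.
RULES = """
allow from any
deny from any prefix 0.0.0.0/0
deny from any prefix 0.0.0.0/8 or-longer
deny from any prefix 10.0.0.0/8 or-longer
deny from any prefix 127.0.0.0/8 or-longer
deny from any prefix 169.254.0.0/16 or-longer
deny from any prefix 172.16.0.0/12 or-longer
deny from any prefix 192.0.2.0/24 or-longer
deny from any prefix 192.168.0.0/16 or-longer
deny from any prefix 224.0.0.0/4 or-longer
deny from any prefix 240.0.0.0/4 or-longer
match from 96.3.203.121 prefix 0.0.0.0/1 or-longer set {localpref 90}
"""
RULE_RE = re.compile(r"(allow|deny|match) from (\S+)(?: prefix (\S+)( or-longer)?)?"
                     r"(?: set \{localpref (\d+)\})?$")

def parse(text):
    """Turn rule lines into (action, peer, network, or_longer, localpref) tuples."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        action, peer, prefix, longer, lp = RULE_RE.match(line).groups()
        net = ipaddress.ip_network(prefix) if prefix else None
        rules.append((action, peer, net, bool(longer), int(lp) if lp else None))
    return rules

def evaluate(rules, peer, prefix, localpref=100):  # 100: assumed starting localpref
    """Return (verdict, localpref) for an update received from peer."""
    net = ipaddress.ip_network(prefix)
    verdict = "deny"  # start value only; 'allow from any' matches every update
    for action, rpeer, rnet, longer, lp in rules:
        if rpeer not in ("any", peer):
            continue
        if rnet is not None and not (net.subnet_of(rnet) if longer else net == rnet):
            continue
        if action == "match":   # match rules apply their set and leave the verdict alone
            localpref = lp if lp is not None else localpref
        else:                   # a later allow/deny overrides an earlier one
            verdict = action
    return verdict, localpref

if __name__ == "__main__":
    rules = parse(RULES)
    # Constructed sample updates: (peer, prefix)
    for peer, pfx in [("96.3.203.121", "10.1.2.0/24"), ("96.3.203.121", "100.64.0.0/10"),
                      ("96.3.203.121", "198.51.100.0/24"), ("96.3.205.243", "100.64.0.0/10")]:
        print(peer, pfx, evaluate(rules, peer, pfx))
```

Running it shows 10.1.2.0/24 denied, while 100.64.0.0/10 (RFC 6598 shared address space) and 198.51.100.0/24 (RFC 5737 TEST-NET-2) are accepted because the deny list does not cover them. From the Midco neighbor, 100.64.0.0/10 also receives localpref 90 because it falls inside 0.0.0.0/1.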

hostname.vlan1750

    inet 96.3.205.243 255.255.255.240 NONE vlan 1750 vlandev trunk0
    !route add -net 96.3.205.0/24 -gateway 127.0.0.1 -blackhole

hostname.carp1750

    inet 96.3.205.241 255.255.255.240 NONE vhid 241 pass xxx carpdev vlan1750 advskew 100

ospfd.conf

    router-id 208.72.151.165
    redistribute connected
    area 0.0.0.0 {
        interface vlan1750
    }

bgpd.conf

    AS 394490
    router-id 208.72.151.165
    connect-retry 10
    # log updates

    network 96.3.205.0/24
    # network inet static

    neighbor 208.72.151.166 {
        remote-as 16739
        descr INVISIMAX-AS-GFv4
        local-address 208.72.151.165
        announce self
    }

    neighbor 96.3.205.242 {
        remote-as 394490
        descr AATRIXv4
        local-address 96.3.205.243
        announce all
    }

    # Last match wins.
    allow from any
    allow to any
    deny from any prefix 0.0.0.0/0
    deny from any prefix 0.0.0.0/8 or-longer
    deny from any prefix 10.0.0.0/8 or-longer
    deny from any prefix 127.0.0.0/8 or-longer
    deny from any prefix 169.254.0.0/16 or-longer
    deny from any prefix 172.16.0.0/12 or-longer
    deny from any prefix 192.0.2.0/24 or-longer
    deny from any prefix 192.168.0.0/16 or-longer
    deny from any prefix 224.0.0.0/4 or-longer
    deny from any prefix 240.0.0.0/4 or-longer

    # Invisimax defines the following communities:
    # 16739:501 -- We assign this to advertise only to Midco
    # 16739:502 -- We assign this to advertise only to Halstad
    # 16739:22001 -- They assign this to routes that go to Halstad
    # 16739:22002 -- They assign this to routes that go to Midco

    match to 208.72.151.166 set {community 16739:502}
    match from 208.72.151.166 community 16739:22001 set {localpref 110}