DaemonForums  

#1 fencepencil (New User), 26th February 2020
BGP in separate rdomains

I am wondering if anyone out there has any experience with a bgpd.conf file where 2 different rdomains are configured. This is running OpenBSD 6.6.

I think it's probably possible, I just don't know the correct syntax for it.

A better description is here on what I'm trying to do exactly - https://www.reddit.com/r/openbsd/com...p_in_rdomains/

Any help is much appreciated.
#2 J65nko (Administrator), 27th February 2020

Hi and welcome. I don't think there are any forum members who can answer your question with BGP. Not because "our OpenBSD expertise" is low-level, because it isn't. Only because AFAIK they don't work in a network environment where you need BGP.

You could ask on the official OpenBSD "misc" mailing list or the "users" mailing list of openbgpd.org.

How to subscribe to these lists is mentioned in the "Managing list membership via Majordomo" section of https://www.openbsd.org/mail.html

BTW Are you sure bgp is running? Does # netstat -an | grep LISTEN show an entry with LISTEN on port 179?
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
#3 fencepencil (New User), 27th February 2020

That's perfect, I will surely look into those mailing lists, thank you.

And yes, BGP is running. I just ran that command and see:
tcp 0 0 *.179 *.* LISTEN

The other side of it sees "Connection refused by remote host" which made me think pf.conf.

My other issue: when adding "listen on 10.1.1.100" to bgpd.conf, it errored with "Cannot bind to 10.1.1.100:179: Can't assign requested address". This happens when I use the -df flags with rcctl restart bgpd.

Thank you for the reply, I will definitely look into those mailing lists.
#4 J65nko (Administrator), 27th February 2020

You could check with # ifconfig with the -A, -a, -C options to make sure the vlan interfaces have been configured correctly.

Also double check the routing tables for all routing domains with netstat(1).

For debugging you could run bgpd in the foreground with the -d option. All errors will then be logged to stderr.



BTW in your pf.conf you have:
Quote:
# set skip on lo
After having things running and starting to tighten up the pf ruleset with a block log all this could bite you. Loopback traffic is local/internal to the box itself, so in general it is not a good idea to block loopback traffic.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
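
An added example (not from the thread or any of its posters): the interface check suggested in post #4, as a POSIX shell script that reads ifconfig -A output and reports which rdomain holds a given listen address. The sample output is constructed, the function names are hypothetical, and it assumes the bind error in post #3 comes from the address being configured in a different rdomain than the one bgpd runs in, which the thread does not confirm.

```sh
#!/bin/sh
# Constructed sample of OpenBSD `ifconfig -A` output. Only 10.1.1.100 comes
# from the thread; interface names and other addresses are made up.
sample_ifconfig() {
cat <<'EOF'
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        inet 127.0.0.1 netmask 0xff000000
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255
vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 1 mtu 1500
        inet 10.1.1.100 netmask 0xffffff00 broadcast 10.1.1.255
vlan200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> rdomain 2 mtu 1500
        inet 10.2.2.100 netmask 0xffffff00 broadcast 10.2.2.255
EOF
}

# Read ifconfig output on stdin; print "address rdomain interface" per IPv4
# address. An interface line without an "rdomain N" token is in rdomain 0.
addr_rdomains() {
	awk '
	$2 ~ /^flags=/ {
		ifname = $1; sub(/:$/, "", ifname); rd = 0
		for (i = 2; i < NF; i++) if ($i == "rdomain") rd = $(i + 1)
	}
	$1 == "inet" { print $2, rd, ifname }'
}

# rdomain_of ADDR: print the rdomain holding ADDR, exit non-zero if absent.
rdomain_of() {
	addr_rdomains |
	    awk -v a="$1" '$1 == a { print $2; found = 1 } END { exit !found }'
}

# check_listen ADDR RDOMAIN: is ADDR configured in the rdomain the daemon
# runs in? Returns 0 = yes, 1 = address is in another rdomain, 2 = not found.
check_listen() {
	have=$(rdomain_of "$1") || { echo "$1: not on any interface"; return 2; }
	if [ "$have" = "$2" ]; then
		echo "$1: configured in rdomain $2"
	else
		echo "$1: configured in rdomain $have, not rdomain $2"
		return 1
	fi
}

# On the router (assumed usage): ifconfig -A | check_listen 10.1.1.100 0
```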