Contributed by grey on from the keeping the routing daemons coming dept.
Router manufacturers and buggy software writers of the world beware, yet another BSD-licensed piece of the puzzle to the OpenBSD master plan has been committed to the src tree.
Below is the commit message with a detailed introduction:
CVSROOT: /cvs
Module name: src
Changes by: claudio@cvs.openbsd.org 2005/01/28 07:05:41

Added files:
usr.sbin/ospfd : Makefile area.c auth.c buffer.c config.c control.c control.h database.c hello.c imsg.c in_cksum.c interface.c iso_cksum.c kroute.c log.c log.h lsack.c lsreq.c lsupdate.c neighbor.c ospf.h ospfd.8 ospfd.c ospfd.h ospfe.c ospfe.h packet.c parse.y rde.c rde.h rde_lsdb.c

Log message:
Welcome ospfd
started by Esben Norby some time ago by using the imsg/three process framework of bgpd. He implemented the basic concept plus the ospf finite state machines. Later I joined and helped him cleanup, debug and extend his work. Right now it is not particularly useful, major parts are still missing but is imported to allow more people to work on it.

status:
The basic protocol works for broadcast networks and the LS database is synchronized and updated. It is not possible to be DR or BDR on a network and other interface types like point-to-point are not yet supported. The shortest path tree is not calculated and so no routing information is exchanged with the kernel FIB.

Not yet connected to the builds.

OK henning@
Additionally, Claudio Jeker has let us know about some ideas still in the works:
Here is a small list of planned stuff that will make ospfd cool:
- support for aliased networks (cisco only supports the main interface network whereas on zebra/quagga it is possible to use all defined networks)
- carp(4) support (originating networks dependent on the carp if status)
- interface groups for templating dynamic interfaces like tun(4) or pppoe(4)
By Anonymous Coward (211.30.156.113) on
(I don't think I'll ever use it, but I am curious.)
Comments
By Claudio Jeker (62.48.30.129) on
For more info have a look at Wikipedia's entries for OSPF and Routing
By nuintari (24.210.222.145) on http://nuintari.net
No more Zebra. I've been waiting for this.
Comments
By nuintari (24.210.222.145) on http://nuintari.net/
To answer your question, ospf is an internal routing protocol. It's fully CIDR compliant, has amazing convergence times, and is a royal pain in the ass. But it's the best at what it does.
OpenBSD was capable of RIP, and RIP 2, both of which aren't suitable for large networks, and as far as I am concerned, shouldn't be used unless you can't avoid it. OSPF has scalability, as long as you design your network with ospf in mind.
By ajax (68.233.31.24) on
Comments
By nuintari (24.210.222.145) on
I also like the idea of having bgp and ospf under one hood, and that hood being OpenBSD. I guess it's more an issue of preference than one of any true technical merit. This keeps me away from ports and packages, which makes me happy. OpenBSD and its components are very easy to keep patched and up to date, stuff in the ports tree.... not always the case.
Comments
By henning (80.86.183.226) henning on
Comments
By Anonymous Coward (81.64.227.144) on
By nuintari (64.246.109.22) on
By Nate (24.112.240.105) on
If you put it under a high load with a large number of routes you will find it quickly dying on you and messing things up.
Comments
By Anonymous Coward (212.25.105.36) on http://www.quagga.net/
Comments
By Nate (24.112.240.105) on
By Max Clark (64.81.233.33) max@clarksys.com on www.clarksys.com
Comments
By nuintari (24.210.222.145) on http://nuintari.net
To have an ASN, you need to be multihomed, which is expensive. And you have to be a dues paying member of ARIN (I am speaking from a North American perspective here), which is also fairly pricey.
There is also the fact that network ops are not going to just go and replace cisco's with obsd boxes right away. It means replacing all hardware, new pci CSU/DSU cards are pricey, and the ones that fit in cisco's don't fit commodity hardware. And your notion of an all ethernet ISP is extremely unlikely. Even if an ISP were to have say, a pair of 10 mbit ethernet circuits as upstream, they still probably have a fairly large chunk of T1 and Frame Relay customers. T1's are bread and butter for an ISP.
Then there is stability. OpenBGPD is not ready for heavy use yet, a flapping neighbor can kill the route decision engine off, unacceptable. I'm not saying the team did a bad job, it's really quite good, but routing.... is hard, they'll get the bugs soon enough. I'll be the first to jump for joy when it becomes plausible to start using commodity hardware as routers.
This isn't to say I am not happy, I love obsd as a router, and this will be running on my home network very soon.
Comments
By henning (80.86.183.226) henning on
the sheer amount of installations out there proves you wrong.
> a flapping neighbor can kill the route decision engine off, unacceptable.
I am not aware of any such problems.
Comments
By nuintari (24.210.222.145) on http://nuintari.net
> the sheer amount of installations out there proves you wrong.
New to me, I was not aware of any heavy use of it yet. I could be wrong. Power to it if it's being accepted so rapidly, I like it so far.
>> a flapping neighbor can kill the route decision engine off, unacceptable.
> I am not aware of any such problems.
I built a test environment with a few pc's yesterday, played around with the various options, just to see how it stacked up. When I started killing stuff off to check convergence times, I noticed that every now and then one of the peers would die with a message about the route decision engine taking a dive. It took bgpd down with it every time, though I am still trying to isolate the conditions.
Comments
By Brad (216.138.200.42) brad at comstyle dot com on
Comments
By nuintari (24.210.222.145) on
Comments
By Anonymous Coward (67.121.51.10) on
Comments
By nuintari (24.210.222.145) on
By gwyllion (134.58.253.113) on
By henning (80.86.183.226) henning on
>> the sheer amount of installations out there proves you wrong.
> New to me, I was not aware of any heavy use of it yet. I could be
> wrong.
yes, you are wrong. OpenBGPD is in quite some of the major exchange points by now, and many ISPs of all sizes use it somewhere for something.
>>> a flapping neighbor can kill the route decision engine off,
>>> unacceptable
>> I am not aware of any such problems.
> I built a test environment with a few pc's yesterday, played around with the various options, just to see how it stacked up. When I started killing stuff off to check convergence times, I noticed that every now and then one of the peers would die with a message about the route decision engine taking a dive. It took bgpd down with it every time, though I am still trying to isolate the conditions.
well please let us know the log entry (and the messages before) and how to reproduce if possible, but the message might already be enough - via email to henning@ and claudio@ openbsd.org. If there is a bug it should be fixed of course, but AFAIK you are the first one to see it.
By Anonymous Coward (69.197.92.181) on
Comments
By Anonymous Coward (80.178.230.188) on
Comments
By Anonymous Coward (69.197.92.181) on
Comments
By Anonymous Coward (202.45.125.5) on
I have fibre every morning.
I guess all big business have fibre, so they can remain full of it. ; )
By Michael van der Westhuizen (196.25.255.242) on
You must come from somewhere north of the equator and relatively first-world if you believe that. Around here (South Africa) the standard business connection is X.21 (yes, really). Not only that, bandwidth costs are up to 30 times what you pay, and that doesn't even take cost-of-living into account.
By nuintari (24.210.222.145) on
Here in the mid northwest, we sell a lot of T1's still. Which is odd, you're right, we can run fiber to them, case in point we do. The carrier for our T1's runs fiber to the premises, then runs it to copper onsite, for phones, and T1's. We can offer ethernet and fast ethernet, but we don't have too many takers, T1's are still cheaper. Which puzzles me to no end, they cost the carrier more money up front. But it means we have a ton of T1's that bring in loads of cash.
As for our upstreams, DS3's to Wiltel and UUnet were the most cost effective in this area. I would love to get fast ethernet upstreams, increased bandwidth is a phone call away at that point.
Comments
By Anonymous Coward (67.121.51.10) on
Comments
By nuintari (24.210.222.145) on
And to think, this company has brought prices down in the region.
Comments
By Anonymous Coward (198.175.14.194) on
By Anonymous Coward (207.225.79.22) on
Comments
By van (217.70.126.47) on
Comments
By Anonymous Coward (67.121.51.10) on
By Anonymous Coward (67.121.51.10) on
By Anonymous Coward (195.75.111.63) on
Comments
By Anonymous Coward (134.58.253.131) on
Comments
By Anonymous Coward (67.121.51.10) on
Comments
By Anonymous Coward (69.197.92.181) on
Comments
By Tony S (195.110.70.34) on
I'm not a developer, but I believe they aren't trying to copy cisco, but instead doing things the way they want it to be done. Comparing the possibilities of IOS and access-lists with the possibilities of a unix system leaves IOS looking pretty bad.
Looking at how PF has developed I have high hopes in bgpd/ospfd.
Comments
By Brad (204.101.180.70) brad at comstyle dot com on
Comments
By Anonymous Coward (67.121.51.10) on
By Anonymous Coward (69.197.92.181) on
Comments
By uncitizen (208.137.87.8) on
Comments
By Anonymous Coward (69.197.92.181) on
Comments
By gwyllion (134.58.253.131) on
Comments
By Anonymous Coward (69.197.92.181) on
By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on
If there is good information concerning the various architectures, I've apparently missed it (and, god knows, I've searched), and would love to know where to find it.
Comments
By Tony S (195.110.70.34) on
Comments
By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on
>>use that can't be replaced by a modern day pc ?
Personally (and professionally right now), none. But that's for home/small office use, and since we're talking about ospf and bgp daemons being added to the base install, we're probably talking about something a little more bandwidth-intensive than that.
IANAISPM (I Am Not An ISP Monkey), but it seems to me that we could easily be talking multiple GB of network traffic, and even with a 64-bit PCI-X bus, with multiple adapters sharing the bus, you could easily begin bottlenecking there.
This is all based upon my limited understanding of the hardware(s) involved, and, as always, I Could Be Wrong. I am not in a position to press routing hardware to its limit (hanging off of an ADSL as I am). I am, however, attempting to understand the issue of OBSD router solutions in as much depth as I can.
By Lars Hansson (203.65.245.7) lars@unet.net.ph on
Any half-decent new x86 box easily outperforms medium range Cisco gear for a fraction of the price.
Comments
By Lars Hansson (203.65.245.7) on
Heheh.
By Anonymous Coward (12.33.122.68) on
very much acceptable on an average i386...
By Anonymous Coward (151.188.247.80) on
We use 7507's for our BGP routers, and we are multihomed. I don't know how OpenBGPD works yet, since I've not yet tried it, but on 7500 and higher routers, you can shove all the actual packet switching down to the line cards, so your CPU is completely freed up for doing BGP updates. This is a big plus for us. Of course, the fact that we can now run OpenBSD on a 2.4GHz Opteron (even SMP Opteron) might mitigate that issue.
As for OSPF, it's really a quiet protocol unless you have flapping going on in an area, in which case you should of course fix the problem ASAP. Given our size, we do use multiple areas, and what's nice about Cisco's implementation of OSPF is that we can redistribute static routes via OSPF. If the upcoming ospfd can do this, that would be very nice for us.
As for replacing a Cisco router with an OpenBSD box, I definitely like the idea (we're soon planning to go TLS for our WAN links, so no expensive ATM cards to deal with). What we'd need for any site router is the following:
1.) Full OSPFv2 support (of course), and preferably v3 as well.
2.) Something analogous to Cisco's policy-based routing; we use that for many things here.
3.) The ability to redistribute static routes via OSPF.
4.) Something that does the same thing as Cisco's "default-information originate" command for OSPF.
5.) The ability to do Data-Link Switching (DLSw) across a WAN, as we, sadly, still have some legacy apps that need bridging. It's not SNA, but it's just as ugly.
6.) The ability to either bridge or route AppleTalk between two subinterfaces on the LAN side of the router. I believe that OpenBSD already can do this; please correct me if I'm wrong.
7.) Central authentication (TACACS+ style, if not actual TACACS+), with fallback to local userID/passwd authentication.
8.) The ability to audit any commands done on the box.
9.) 802.1q VLAN trunking on an interface, which, again, I believe OpenBSD can now do.
10.) (this is optional, but nice) The ability to *easily* (read: you don't need to be an OpenBSD hacker) run the entire OS off of a flash card instead of a hard disk. Flash cards are more durable, which is why Cisco uses them.
As a network engineer, I'd love to see this in OpenBSD. We're constantly running into Cisco bugs, which we have to beg and plead Cisco to fix, if they feel like it. These bugs are costing us time and money, thus we're considering going with Juniper and other competitors to Cisco. I'd *love* to be able to sell the higher-ups on an OpenBSD-based solution!
Comments
By Anonymous Coward (80.219.121.189) on
10)
having no special technical merit, I can easily run a full system off a 256mb cf with /var and /tmp on a mfs, the recent -P option allows you to populate the mfs from an existing partition, so if we're talking smp opterons you could run a lot in ram ;)
By Bret Lambert (68.50.4.145) thrashbluegrass at antisocial dot com on
By sn00p3r (70.81.53.186) jbre_spam@progression.net on
Comments
By Anonymous Coward (68.97.169.229) on