wiki/wiki
1
0
Fork 0
mirror of https://git.dn42.dev/wiki/wiki synced 2025-03-14 19:43:32 +00:00
Code Issues Releases Wiki Activity

less, more consistent markup

Browse Source
This commit is contained in:
DN42 Wiki (BURBLE-MNT) 2020-03-03 19:21:04 +00:00
parent b8443abf1b
commit c5ef190e87
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
howto/OpenBGPD.md
View File

@ -12,7 +12,7 @@ The goal is to have a small, yet complete setup for all peers with ROA validatio
As per the manual, configuration is divided into logical sections; [`/etc/examples/bgpd.conf`](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/examples/bgpd.conf?rev=HEAD&content-type=text/plain&only_with_tag=MAIN) is a complete and commented example which this guide is roughly based on. As per the manual, configuration is divided into logical sections; [`/etc/examples/bgpd.conf`](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/examples/bgpd.conf?rev=HEAD&content-type=text/plain&only_with_tag=MAIN) is a complete and commented example which this guide is roughly based on.
By default, [`bgpd(8)`](http://man.openbsd.org/bgpd.8) listens on all local addresses (on the current default [`routing domain`](http://man.openbsd.org/rdomain.4)), but this guide explicitly listens on the configured transfer ULA only for each peer to better illustrate of this setup. By default, [bgpd(8)](http://man.openbsd.org/bgpd.8) listens on all local addresses (on the current default [`routing domain`](http://man.openbsd.org/rdomain.4)), but this guide explicitly listens on the configured transfer ULA only for each peer to better illustrate of this setup.
## local host ## local host
Information such as ASN, router ID and allocated networks are required: Information such as ASN, router ID and allocated networks are required:
@ -40,7 +40,7 @@ network prefix-set mynetworks set large-community $ASN:1:1
## neighbors ## neighbors
For each neighbor its ASN and transfer ULA is required. For each neighbor its ASN and transfer ULA is required.
An optional description is provided such that [**bgpctl(8)**](http://man.openbsd.org/bgpctl.8) for example can be used with mnemonic names instead of AS numbers: An optional description is provided such that [bgpctl(8)](http://man.openbsd.org/bgpctl.8) for example can be used with mnemonic names instead of AS numbers:
``` ```
# peer A, transport over IPSec/GRE # peer A, transport over IPSec/GRE
$A_local="fd00:12:34:A::1" $A_local="fd00:12:34:A::1"
@ -100,7 +100,7 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
``` ```
# ROA # ROA
OpenBSD ships with [**rpki-client(8)**](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**. OpenBSD ships with [rpki-client(8)](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**.
Since DN42 emulates an IRR WHOIS service through the registry repository instead of providing an RPKI repository, this tool cannot be used. Since DN42 emulates an IRR WHOIS service through the registry repository instead of providing an RPKI repository, this tool cannot be used.
Instead, [a shell script](https://t4-2.high5.nl/pub/dn42/generate_roa-set.sh) parses route objects from the registry repository and generates a `roa-set {...}` block that is to be included in the main configuration file. Instead, [a shell script](https://t4-2.high5.nl/pub/dn42/generate_roa-set.sh) parses route objects from the registry repository and generates a `roa-set {...}` block that is to be included in the main configuration file.