dn42/wiki
1
Fork 0
mirror of https://git.dn42.dev/wiki/wiki.git synced 2025-02-16 05:14:27 +01:00
Code Releases Activity

less, more consistent markup

Browse Source
This commit is contained in:
DN42 Wiki (BURBLE-MNT) 2020-03-03 19:21:04 +00:00
parent b8443abf1b
commit c5ef190e87
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
howto/OpenBGPD.md
View File

@ -12,7 +12,7 @@ The goal is to have a small, yet complete setup for all peers with ROA validatio
As per the manual, configuration is divided into logical sections; [`/etc/examples/bgpd.conf`](http://cvsweb.openbsd.org/cgi-bin/cvsweb/~checkout~/src/etc/examples/bgpd.conf?rev=HEAD&content-type=text/plain&only_with_tag=MAIN) is a complete and commented example which this guide is roughly based on.
By default, [`bgpd(8)`](http://man.openbsd.org/bgpd.8) listens on all local addresses (on the current default [`routing domain`](http://man.openbsd.org/rdomain.4)), but this guide explicitly listens on the configured transfer ULA only for each peer to better illustrate of this setup.
By default, [bgpd(8)](http://man.openbsd.org/bgpd.8) listens on all local addresses (on the current default [`routing domain`](http://man.openbsd.org/rdomain.4)), but this guide explicitly listens on the configured transfer ULA only for each peer to better illustrate of this setup.
## local host
Information such as ASN, router ID and allocated networks are required:
@ -40,7 +40,7 @@ network prefix-set mynetworks set large-community $ASN:1:1
## neighbors
For each neighbor its ASN and transfer ULA is required.
An optional description is provided such that [**bgpctl(8)**](http://man.openbsd.org/bgpctl.8) for example can be used with mnemonic names instead of AS numbers:
An optional description is provided such that [bgpctl(8)](http://man.openbsd.org/bgpctl.8) for example can be used with mnemonic names instead of AS numbers:
```
# peer A, transport over IPSec/GRE
$A_local="fd00:12:34:A::1"
@ -100,7 +100,7 @@ match from any community GRACEFUL_SHUTDOWN set { localpref 0 }
```
# ROA
OpenBSD ships with [**rpki-client(8)**](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**.
OpenBSD ships with [rpki-client(8)](http://man.openbsd.org/rpki-client.8) which nicely integrates with **bgpd**.
Since DN42 emulates an IRR WHOIS service through the registry repository instead of providing an RPKI repository, this tool cannot be used.
Instead, [a shell script](https://t4-2.high5.nl/pub/dn42/generate_roa-set.sh) parses route objects from the registry repository and generates a `roa-set {...}` block that is to be included in the main configuration file.