OpenBSD Journal

ospfd

Contributed by grey on from the keeping the routing daemons coming dept.

Thanks to Ash'aman and Marco Peereboom for being the first to point out the introduction of ospfd:

Router manufacturers and buggy software writers of the world beware, yet another BSD-licensed piece of the puzzle to the OpenBSD master plan has been committed to the src tree.

Below is the commit message with a detailed introduction:

CVSROOT:	/cvs
Module name:	src
Changes by:	claudio@cvs.openbsd.org	2005/01/28 07:05:41

Added files:
	usr.sbin/ospfd : Makefile area.c auth.c buffer.c config.c 
	                 control.c control.h database.c hello.c imsg.c 
	                 in_cksum.c interface.c iso_cksum.c kroute.c 
	                 log.c log.h lsack.c lsreq.c lsupdate.c 
	                 neighbor.c ospf.h ospfd.8 ospfd.c ospfd.h 
	                 ospfe.c ospfe.h packet.c parse.y rde.c rde.h 
	                 rde_lsdb.c 

Log message:
Welcome ospfd
started by Esben Norby some time ago by using the imsg/three process framework
of bgpd. He implemented the basic concept plus the ospf finite state machines.
Later I joined and helped him clean up, debug and extend his work.
Right now it is not particularly useful, major parts are still missing, but it is
imported to allow more people to work on it.
status:
The basic protocol works for broadcast networks and the LS database is
synchronized and updated. It is not possible to be DR or BDR on a network
and other interface types like point-to-point are not yet supported.
The shortest path tree is not calculated and so no routing information is
exchanged with the kernel FIB.

Not yet connected to the builds.
OK henning@

Additionally, Claudio Jeker has let us know about some ideas still in the works:

Here is a small list of planned stuff that will make ospfd cool:
- support for aliased networks (cisco only supports the main interface network whereas on zebra/quagga it is possible to use all defined networks)
- carp(4) support (originating networks dependent on the carp if status)
- interface groups for templating dynamic interfaces like tun(4) or pppoe(4)


Comments
  1. By Anonymous Coward (211.30.156.113) on

    Being an OpenBSD newbie...What exactly does this "ospfd" do?
    (I don't think I'll ever use it, but I am curious.)

    Comments
    1. By Claudio Jeker (62.48.30.129) on

      ospfd is an OSPF daemon. OSPF stands for Open Shortest Path First and is a routing protocol. OSPF is an interior gateway protocol like RIP.
      For more info have a look at Wikipedia's entries for OSPF and Routing.

    2. By nuintari (24.210.222.145) on http://nuintari.net

      THANK YOU!

      No more Zebra. I've been waiting for this.

      Comments
      1. By nuintari (24.210.222.145) on http://nuintari.net/

        and maybe, I'll finish my comment this time.....

        to answer your question, ospf is an internal routing protocol. It's fully CIDR compliant, has amazing convergence times, and is a royal pain in the ass. But it's the best at what it does.

        OpenBSD was capable of RIP, and RIP 2, both of which aren't suitable for large networks, and as far as I am concerned, shouldn't be used unless you can't avoid it. OSPF has scalability, as long as you design your network with ospf in mind.

      2. By ajax (68.233.31.24) on

        enlighten me: what's wrong with zebra?

        Comments
        1. By nuintari (24.210.222.145) on

          That the latest release has this datestamp on it: 2003/11/27. I get the impression that interest has been lost.

          I also like the idea of having bgp and ospf under one hood, and that hood being OpenBSD. I guess it's more an issue of preference than one of any true technical merit. This keeps me away from ports and packages, which makes me happy. OpenBSD and its components are very easy to keep patched and up to date, stuff in the ports tree.... not always the case.

          Comments
          1. By henning (80.86.183.226) henning on

            interest lost? nonsense. we release every six months, roughly coupled with the openbsd releases. of course. sheesh.

            Comments
            1. By Anonymous Coward (81.64.227.144) on

              Hey, seems like he was talking about zebra releases (and lack of maintenance), not about openbsd/openbgpd ;)

            2. By nuintari (64.246.109.22) on

              not OpenBGPD, zebra.

        2. By Nate (24.112.240.105) on

          Zebra is flakey.

          If you put it under a high load with a large number of routes you will find it quickly dying on you and messing things up.

          Comments
          1. By Anonymous Coward (212.25.105.36) on http://www.quagga.net/

            Is it true also for quagga? http://www.quagga.net/

            Comments
            1. By Nate (24.112.240.105) on

              Never used it, but under high loads Zebra would start changing routes and removing ips, sometimes even moving ips to other interfaces. Really odd.

  2. By Max Clark (64.81.233.33) max@clarksys.com on www.clarksys.com

    Yes baby, that's what I am talking about. When ospfd is stable this eradicates the need for a Cisco router on the edge. There will always be a place for the 12000 GSR in some networks. But for the average ISP with Ethernet only transit and peering links the combination of OpenBGPd and ospfd massively changes the playing field. Now with a price/performance one-two punch from OpenBSD the smaller ISP can be competitive. Register an ASN while you can, the market is going to get crowded.

    Comments
    1. By nuintari (24.210.222.145) on http://nuintari.net

      I seriously doubt this will cause an influx in the number of ASN's out there.

      To have an ASN, you need to be multihomed, which is expensive. And you have to be a dues paying member of ARIN (I am speaking from a North American perspective here), which is also fairly pricey.

      There is also the fact that network ops are not going to just go and replace cisco's with obsd boxes right away. It means replacing all hardware, new pci CSU/DSU cards are pricey, and the ones that fit in cisco's don't fit commodity hardware. And your notion of an all ethernet ISP is extremely unlikely. Even if an ISP were to have say, a pair of 10 mbit ethernet circuits as upstream, they still probably have a fairly large chunk of T1 and Frame Relay customers. T1's are bread and butter for an ISP.

      Then there is stability. OpenBGPD is not ready for heavy use yet, a flapping neighbor can kill the route decision engine off, unacceptable. I'm not saying the team did a bad job, it's really quite good, but routing.... is hard, they'll get the bugs soon enough. I'll be the first to jump for joy when it becomes plausible to start using commodity hardware as routers.

      This isn't to say I am not happy, I love obsd as a router, and this will be running on my home network very soon.

      Comments
      1. By henning (80.86.183.226) henning on

        > Then there is stability. OpenBGPD is not ready for heavy use yet,

        the sheer amount of installations out there proves you wrong.

        > a flapping neighbor can kill the route decision engine off, unacceptable.

        I am not aware of any such problems.

        Comments
        1. By nuintari (24.210.222.145) on http://nuintari.net

          >> Then there is stability. OpenBGPD is not ready for heavy use yet,

          > the sheer amount of installations out there proves you wrong.

          New to me, I was not aware of any heavy use of it yet. I could be wrong. Power to it if it's being accepted so rapidly, I like it so far.

          >> a flapping neighbor can kill the route decision engine off, unacceptable.

          > I am not aware of any such problems.

          I built a test environment with a few pc's yesterday, played around with the various options, just to see how it stacked up. When I started killing stuff off to check convergence times, I noticed that every now and then one of the peers would die with a message about the route decision engine taking a dive. It took bgpd down with it every time, though I am still trying to isolate the conditions.

          Comments
          1. By Brad (216.138.200.42) brad at comstyle dot com on

            Was this -release or -current?

            Comments
            1. By nuintari (24.210.222.145) on

              -release, with all the patches applied, not that any of the patches really should matter.

              Comments
              1. By Anonymous Coward (67.121.51.10) on

                try it with -current and see if you still have the same problems

                Comments
                1. By nuintari (24.210.222.145) on

                  that's next on the list

          2. By gwyllion (134.58.253.113) on

            I would say, contact henning@ if you have problems he is not aware of.

          3. By henning (80.86.183.226) henning on

            >>> Then there is stability. OpenBGPD is not ready for heavy use yet,
            >> the sheer amount of installations out there proves you wrong.
            > New to me, I was not aware of any heavy use of it yet. I could be
            > wrong.

            yes, you are wrong. OpenBGPD is in quite some of the major exchange points by now, and many ISPs of all sizes use it somewhere for something.


            >>> a flapping neighbor can kill the route decision engine off,
            >>> unacceptable
            >> I am not aware of any such problems.
            > I built a test environment with a few pc's yesterday, played around with the various options, just to see how it stacked up. When I started killing stuff off to check convergence times, I noticed that every now and then one of the peers would die with a message about the route decision engine taking a dive. It took bgpd down with it every time, though I am still trying to isolate the conditions.

            well please let us know the log entry (and the messages before) and how to reproduce if possible, but the message might already be enough - via email to henning@ and claudio@ openbsd.org. If there is a bug it should be fixed of course, but AFAIK you are the first one to see it.

      2. By Anonymous Coward (69.197.92.181) on

        Um, fastethernet is pretty common for small ISPs. ATM and T3 circuits are a waste of money. And how you figure that T1's are an ISP's bread and butter is beyond me, nobody pays for that shit, they get a fibre drop and then have as much bandwidth as they need.

        Comments
        1. By Anonymous Coward (80.178.230.188) on

          I can imagine some countries which don't have fastethernet wan/man even in big cities

          Comments
          1. By Anonymous Coward (69.197.92.181) on

            I imagine those countries don't sell a lot of t1s either. Any country where internet access is the norm for businesses has fibre.

            Comments
            1. By Anonymous Coward (202.45.125.5) on

              Any country where internet access is the norm for businesses has fibre.

              I have fibre every morning.

              I guess all big business have fibre, so they can remain full of it. ; )

            2. By Michael van der Westhuizen (196.25.255.242) on

              Pfffttt... in what world?
              You must come from somewhere north of the equator and relatively first-world if you believe that. Around here (South Africa) the standard business connection is X.21 (yes, really). Not only that, bandwidth costs are up to 30 times what you pay, and that doesn't even take cost-of-living into account.

        2. By nuintari (24.210.222.145) on

          > Um, fastethernet is pretty common for small ISPs. ATM and T3 circuits are a waste of money. And how you figure that T1's are an ISP's bread and butter is beyond me, nobody pays for that shit, they get a fibre drop and then have as much bandwidth as they need.

          Here in the mid northwest, we sell a lot of T1's still. Which is odd, you're right, we can run fiber to them, case in point we do. The carrier for our T1's runs fiber to the premises, then runs it to copper onsite, for phones, and T1's. We can offer ethernet and fast ethernet, but we don't have too many takers, T1's are still cheaper. Which puzzles me to no end, they cost the carrier more money up front. But it means we have a ton of T1's that bring in loads of cash.

          As for our upstreams, DS3's to Wiltel and UUnet were the most cost effective in this area. I would love to get fast ethernet upstreams, increased bandwidth is a phone call away at that point.

          Comments
          1. By Anonymous Coward (67.121.51.10) on

            I work for a metro ethernet startup and your situation puzzles me to no end - if you're running fiber up to the building MPOE, why the hell are you running copper to the customer? media converters aren't that much more expensive than Adtran muxing equipment. We're selling FE drops at $3000/m which SME's are *eating* up. After we've dropped a pair and a mux in the building, it's just a matter of relatively cheap media converters...

            Comments
            1. By nuintari (24.210.222.145) on

              I don't work for the fiber carrier, we just order lines on behalf of customers, and deliver ip over it. We try to sell 10 mbit fiber lines over copper T1's, and it just costs more. Our price is based on bandwidth, so you can get T1 speeds over fiber from us, no problem, but the line actually costs more.

              And to think, this company has brought prices down in the region.

              Comments
              1. By Anonymous Coward (198.175.14.194) on

                Dude, you sell 10 Mbits over a T1 ?!!? Where is this technology! I need some!!!

        3. By Anonymous Coward (207.225.79.22) on

          You're a fucking idiot. 99% of the world does not have fiber available, only T1, if even that.

          Comments
          1. By van (217.70.126.47) on

            Is it you that can judge on this? With your IP from ARIN? Consider Russia. The country with no serious telecommunication infrastructure (speaking of all its territory), but things are changing. This sector is growing increasingly now. And in such a situation, when there's no old legacy T1 hardware and common experience, it's easier and cheaper to introduce modern copper/fibre ethernet [10,100,1000] to customers rather than foolishly stick with old and slow DSL, E1 etc.

            Comments
            1. By Anonymous Coward (67.121.51.10) on

              consider yourself lucky to be building an infrastructure now and not trying to effectively revolutionize a 100 year old one...

    2. By Anonymous Coward (67.121.51.10) on

      and people thought the routing table was bloated now. oi vey )-:

  3. By Anonymous Coward (195.75.111.63) on

    Ok, and what *is* the masterplan ?

    Comments
    1. By Anonymous Coward (134.58.253.131) on

      make OpenBSD a viable alternative to proprietary routers, like your average Cisco box.

      Comments
      1. By Anonymous Coward (67.121.51.10) on

        that's going to require IS-IS support (snicker) and some drop in replacement for TACACS+

        Comments
        1. By Anonymous Coward (69.197.92.181) on

          More than that. With a cisco I can make ACLs apply to anything in the system. I can point a route to an ASN, I can make my default gateway 4 hops away so it always updates with BGP. There doesn't seem to be any interest in making openbsd actually compete with cisco, just be an inferior solution that's "good enough" for most.

          Comments
          1. By Tony S (195.110.70.34) on


            I'm not a developer, but I believe they aren't trying to copy cisco, but instead doing things the way they want it to be done. Comparing the possibilities of IOS and access-lists with the possibilities of a unix system leaves IOS looking pretty bad.

            Looking at how PF has developed I have high hopes in bgpd/ospfd.

            Comments
            1. By Brad (204.101.180.70) brad at comstyle dot com on

              There are many things about IOS that I would NOT want to copy. One of them being how Cisco uses ACLs for everything.

              Comments
              1. By Anonymous Coward (67.121.51.10) on

                Or the performance of most any ACL application...

            2. By Anonymous Coward (69.197.92.181) on

              I didn't say they should copy cisco. I said openbsd does not compete with cisco, and the addition of ospf will not change that. OpenBSD doesn't have to do things the way cisco does, but if they don't do those things at all, then obviously people will keep using cisco. Being able to have a dynamic default gateway is a show stopper on its own. And comparing ACLs in cisco to unix doesn't make cisco look bad. Imagine if you had the power of firewall style rules applying to ANYTHING network related in any way. Cisco ACLs are very powerful because of this.

              Comments
              1. By uncitizen (208.137.87.8) on

                you'll forgive me, but what can you do with a cisco acl that you cannot with any packet filter?

                Comments
                1. By Anonymous Coward (69.197.92.181) on

                  Manipulate packets based on information from routing protocols, like ASNs from BGP for instance. So you can do anything you can normally do, like say blocking packets, redirecting them somewhere else, rate-limiting them, etc on a per ASN basis, even mixing and matching ASNs and IPs/ports/protocols in the ACL.

                  Comments
                  1. By gwyllion (134.58.253.131) on

                    Look at the evil master plan for OpenBGPD.

                    Comments
                    1. By Anonymous Coward (69.197.92.181) on

                      That's not terribly helpful is it? I didn't say it can't be done, I said it needs to be done. Writing it down doesn't help. The fact is a lot of people are still stuck with cisco or another commercial offering who don't really want to be, because there is no reasonable alternative. "We might make it competitive someday", doesn't really help.

      2. By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on

        The question then becomes (for hardware neophytes such as myself), what is the hardware to use for this purpose? x86 and derivatives, with throughput being ruled by the PCI bus, don't seem up to snuff; I'm impressed with the PowerPC arch's throughput, but dislike the fact (my understanding from talking with those more knowledgeable; if I'm wrong, please let me know) that it, too, is ruled by the PCI bus. Sparc/Alpha/etc. I know absolutely nothing about, so I'll say nothing about them.

        If there is good information concerning the various architectures, I've apparently missed it (and, god knows, I've searched), and would love to know where to find it.

        Comments
        1. By Tony S (195.110.70.34) on

          What kind of routing equipment do you currently use that can't be replaced by a modern day pc ? I'm talking in terms of routing/forwarding performance.

          Comments
          1. By Bert (216.175.250.42) thrashbluegrass at antisocial dot com on

            >>What kind of routing equipment do you currently
            >>use that can't be replaced by a modern day pc ?

            Personally (and professionally right now), none. But that's for home/small office use, and since we're talking about ospf and bgp daemons being added to the base install, we're probably talking about something a little more bandwidth-intensive than that.

            IANAISPM (I Am Not An ISP Monkey), but it seems to me that we could easily be talking multiple GB of network traffic, and even with a 64-bit PCI-X bus, with multiple adapters sharing the bus, you could easily begin bottlenecking there.

            This is all based upon my limited understanding of the hardware(s) involved, and, as always, I Could Be Wrong. I am not in a position to press routing hardware to its limit (hanging off of an ADSL as I am). I am, however, attempting to understand the issue of OBSD router solutions in as much depth as I can.

          2. By Lars Hansson (203.65.245.7) lars@unet.net.ph on

            Preferably anything but Cisco. Their hardware, save possibly the extreme highend, is very much underperforming and overpriced.
            Any half-decent new x86 box easily outperforms medium range Cisco gear for a fraction of the price.

            Comments
            1. By Lars Hansson (203.65.245.7) on

              Wrong place in the thread....
              Heheh.

        2. By Anonymous Coward (12.33.122.68) on

          almost any setup with only a few 100bt links will work
          very much acceptable on an average i386...

        3. By Anonymous Coward (151.188.247.80) on

          I work for an organization with just over 250 sites, some small, some large, all interconnected via ATM, and we've had many occasions to stress-test Cisco gear with OSPF and BGP.

          We use 7507's for our BGP routers, and we are multihomed. I don't know how OpenBGPD works yet, since I've not yet tried it, but on 7500 and higher routers, you can shove all the actual packet switching down to the line cards, so your CPU is completely freed up for doing BGP updates. This is a big plus for us. Of course, the fact that we can now run OpenBSD on a 2.4GHz Opteron (even SMP Opteron) might mitigate that issue.

          As for OSPF, it's really a quiet protocol unless you have flapping going on in an area, in which case you should of course fix the problem ASAP. Given our size, we do use multiple areas, and what's nice about Cisco's implementation of OSPF is that we can redistribute static routes via OSPF. If the upcoming ospfd can do this, that would be very nice for us.

          As for replacing a Cisco router with an OpenBSD box, I definitely like the idea (we're soon planning to go TLS for our WAN links, so no expensive ATM cards to deal with). What we'd need for any site router is the following:

          1.) Full OSPFv2 support (of course), and preferably v3 as well.
          2.) Something analogous to Cisco's policy-based routing; we use that for many things here.
          3.) The ability to redistribute static routes via OSPF.
          4.) Something that does the same thing as Cisco's "default-information originate" command for OSPF.
          5.) The ability to do Data-Link Switching (DLSw) across a WAN, as we, sadly, still have some legacy apps that need bridging. It's not SNA, but it's just as ugly.
          6.) The ability to either bridge or route AppleTalk between two subinterfaces on the LAN side of the router. I believe that OpenBSD already can do this; please correct me if I'm wrong.
          7.) Central authentication (TACACS+ style, if not actual TACACS+), with fallback to local userID/passwd authentication.
          8.) The ability to audit any commands done on the box.
          9.) 802.1q VLAN trunking on an interface, which, again, I believe OpenBSD can now do.
          10.) (this is optional, but nice) The ability to *easily* (read: you don't need to be an OpenBSD hacker) run the entire OS off of a flash card instead of a hard disk. Flash cards are more durable, which is why Cisco uses them.

          As a network engineer, I'd love to see this in OpenBSD. We're constantly running into Cisco bugs, which we have to beg and plead Cisco to fix, if they feel like it. These bugs are costing us time and money, thus we're considering going with Juniper and other competitors to Cisco. I'd *love* to be able to sell the higher-ups on an OpenBSD-based solution!

          Comments
          1. By Anonymous Coward (80.219.121.189) on

            I can only reply with certainty to:

            10)

            having no special technical merit, I can easily run a full system off a 256mb cf with /var and /tmp on a mfs, the recent -P option allows you to populate the mfs from an existing partition, so if we're talking smp opterons you could run a lot in ram ;)

          2. By Bret Lambert (68.50.4.145) thrashbluegrass at antisocial dot com on

            There is a TACACS+ port for OpenBSD http://www.openbsd.org/3.5_packages/i386/tacacs+-4.0.4ap0.tgz-long.html which looks like it works for x86 http://www.monkey.org/openbsd/archive/ports/0306/msg00019.html hope this helps.

  4. By sn00p3r (70.81.53.186) jbre_spam@progression.net on

    Is there a good guide for ospfd/openbgp? Is there a place where there are good how-tos, or a good book that covers that? Is there somebody that gives examples of the various configurations possible, filters ... Examples of how to build rules for peering or transit agreements... thanks

    Comments
    1. By Anonymous Coward (68.97.169.229) on

      take a look at Cisco, they have a lot of docs on network design and how ospf and bgp work with examples .... and google zebra ... some schools have their tutorials online. cisco http://www.cisco.com/warp/public/104/1.html

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]