Hacker News new | past | comments | ask | show | jobs | submit login
OpenBGPD: The OpenBSD BGP internet routing daemon (openbgpd.org)
104 points by beefhash 19 days ago | hide | past | web | favorite | 31 comments



I ran OpenBGPD about 15 yrs back for peering access to a Metropolitan Area Network. My first/last/only experience with BGP (thankfully hehe).

OpenBGPD itself was solid and looked at lot easier to configure than the alternatives. Can't remember whether I looked at Zebra or Quagga or both though.

Haven't used OpenBSD itself since those days either, but OpenBSD originated software tends to have that straightforwardness I miss sometimes.


It is a delight to have an OpenBSD machine as my central router in my home. OpenBSD is so easy to work with and also comes with that cozy feeling of security. I can rest assured that the devs preferred to drop functionality rather than build insecure half-crappy stuff. That is a positive thing!


Anyone run their own Linux/BSD/Unix BGP? I heard bird is pretty good:

https://bird.network.cz/

What about non-free?


I have been running 2 bird boxes (1.6 series, a version 2 upgrade is scheduled later this year) each with two peers of full feed for both ipv4 (~750k and ~755k routes respectively) and ipv6 (~67k and ~69k routes) and one of them is connected to a local ixp (~94k ipv4 and ~15k ipv6 routes).

No problems what soever in the almost two years, they have been running...


oh year, for sizing.. They run on a pair of supermicro boxes with a 8-core C2758 (atom) with 16G of ram, which is plenty.. They only do routing (and delivers it* inwards via OSPF where firewalls are on other boxes)..

Notice we are a low traffic site and are only running 1Gbps on all links currently... (but that should not matter as load is almost unmeassurable)

* = a "default route"


oh, and note to new users.. don't do an "ip r" on those boxes....


I mean, it generates a lot of output, but "ip ro ls" is WAY faster than "route -n" or "netstat -nr" for some reason.


Do you run them personally and get full tables? If so do you pay for the peering and where?


No, I run it in my (hosting) company.

I pay around 250 USD per link per month each, but you also need AS-numbers and IP-addresses, in RIPE (I am in Europe) that is ~2k USD more per year..

edit typo.


forgot to write, that would be massive overkill for a private person...


maybe overkill, but i do that... got 7 servers in total around the world (2x London, 1x Frankfurt, 2 in Amsterdam, 1 in Ashburn and 1 in Dublin (Home)) and all (except home) have full routes with their upstream providers and a few IXes too. costs around 100 per month, including the ASN and V4/V6 space, and if you include the home internet connection, double that. all routes are brought back to the house for internal testing, so some servers have space using my own IPs. Yes, overkill, but defiantly fun to play with! [update] forgot to mention, all run Linux and Bird. Did look at OpenBGPD, but settled on bird. Also, if interested, https://dn42.net got me started, and i am https://as204994.net.


Thanks for sharing! I always thought it'd be fun to do table analysis as a side project. I know BGPmon got bought out a while ago and was always curious if anyone would do full tables via iBGP peering. Obviously it would be more adventageous to have a few geo disperse peering points to make it worthwhile.


Take a look at spamhaus bgp feed. Better than a firewall: just blackhole the traffic coming from known spammers.


you peer what to who with that?


Everything is on is asn site above. The peers are here https://www.peeringdb.com/net/15369


details of my direct upstream peers would be here: https://bgp.he.net/AS204994. Some of my peers (CLoudflare, he.net) are peering directly over IXes (KleyRex, for example) and some (Google) would be though the route server...


BIRD is a very good and extremely stable piece of software.

We run it on the global network I manage, mostly not in the core (hardware routers are required/better at our scale) but we do run BGP on edge devices and use BIRD there, in a number of full-FIB situations as well.

I will also say i've run OpenBGPD in the past, albeit in less demanding situations, and it worked well. That said, I don't recall any advantages OpenBGPD offers over something like BIRD and it was considerably less flexible, though that may not be so anymore.


For a 10-15 years I ran multi-homed BGP for a Internet CO-OP (Zebra) and for a small hosting company (Quagga). They both worked great, and I never had worries about the number of prefixes we were receiving (full table in both cases), because my Linux-based routers had tons of memory and CPU.

My Quagga setup was fantastic! I used linux-ha to do fail over routing, and could do kernel updates and reboots with, as far as I could tell, zero lost packets. I was super happy with those routers!


> What about non-free?

Do you mean Juniper's JunOS (FreeBSD based), Arista's EOS (Fedora based), or Cisco's NX-OS, IOS-XE, and IOS-XR (Wind River Linux based)? Those are all non-free BGP stacks from what I know.

Or perhaps you meant something you can load onto a regular old Linux/BSD distribution.


I've been using bird for years without a problem. It's solid and very customizable. The price is, there's a new language to learn.


If you're into free routing software, also for *BSD, Linux and Solaris:

https://github.com/frrouting/frr


Never heard of this one, thanks. I used quagga years ago, and migrated to bird and never really looked back. Next time bird makes me go crazy due to its somewhat bonkers config syntax I'll be checking this out!


frr is great. its BGP implementation seems miles ahead of OpenBGPD (RFC 5549, EVPN, ...)


I run bird as part of an anycast service, but have used openbgp with great success via pfsense. Simple, clean configs. It just works, which is pretty much the best compliment you can pay for a product of the nature.


A quality product from a quality team. Thanks, OpenBSD project.

It is reliable, secure, well-tested, and BSD licensed.


Is there a TL;DR for why OpenBSD BGP vs BIRD? As someone who has only used Quagga and Zebra for BGP, I'm curious.


I posted this in a separate comment, but if you're still using Quagga it is mostly dead - its fork FRR[0] is miles ahead.

[0] https://github.com/frrouting/frr


Has this been hugged to death? Because I can't access it, it times out. Pretty bad advertising if so.


Pretty bad advertising? It's a BGP daemon. It's not like there are all that many BGP implementations. And it's not a commercial product, so they certainly don't care about being advertised. OpenBGPD is pretty solid. The OpenBSD/BGPD team doesn't put much stock in websites. And the liveness of a website doesn't have much to do with the quality of a BGP daemon, so the advertising comment seems a bit off base.


Loaded instantly for me.


Maybe you've got a bad BGP route?




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: