Before we start, let's think about several questions.
What is a route? What are OSPF and BGP? What are they for? What are their application scenarios? What advantages do the two routing protocols on OpenBSD have over hardware routers such as Cisco/Huawei? How can OpenBSD be used to reduce network costs?
1. What is a route?
Simply put, a route is like a sign at a crossroads, and an IP packet is like a car on the road. When a car arrives at a crossroads, it needs a sign that tells it which direction to travel to reach its destination. This is the role of routing. Without a sign, the car will not know which way to go to reach the destination. When your data reaches the destination, a new car is sent back from there, and it follows the signs at each crossroads to tell you that your data arrived safely. Home is your computer, and the destination is any of the thousands of computers in the world. You pass through various intersections to reach your destination.
2. What are OSPF and BGP?
Both OSPF and BGP are routing protocols. Their full names are Open Shortest Path First and Border Gateway Protocol. The earlier RIP and r1_2 protocols are called distance vector protocols. These three protocols have become the most widely used dynamic routing protocols with the combination of networks and network protocols. The full name of RIP is Routing Information Protocol. Its maximum number of hops is only 16. If a route has more than 16 hops, RIP considers it unreachable, so as networks grow, RIP is gradually being eliminated or applied only to small networks. So I think of this protocol as the Rest In Peace protocol. OSPF, BGP, and VPN are gradually being applied to large networks and the Internet because of their path speed and their adaptability to medium and large networks and even wide area networks. Among them, VPN is a Cisco proprietary routing protocol, so the only open-source protocols that x86 systems can use are OSPF and BGP. However, this is enough to meet the routing needs of thousands or even tens of thousands of computers.
3. What is the scope of application of the protocols?
OSPF is mainly used to build the LANs of medium-sized companies, from two to 2000 devices. Of course, it is not limited to 2000 servers and can handle more. BGP applies to a larger scope: generally, connecting a data center to the entire Internet. For more information, see Cisco CCNA and CCNP.
4. Why should I use OpenBSD to replace Cisco and Huawei routers? I am familiar with Cisco and Huawei devices, and I think they are very useful.
From the boss's point of view, the biggest benefit is saving money. OpenBSD is a free, open-source operating system, and it can run as long as a 64 MB Pentium server is provided. Today's PCs are cheap, and NICs are cheaper. Hardware costing 2000 RMB can achieve the functions and stability of professional equipment costing 20 thousand RMB, saving 90% of the cost. Why not? Even if it breaks down, you only need to replace one piece of hardware. If professional equipment breaks down, you must send it back to the original factory and spend a lot of money on repairs; you might as well buy a new device. From a technical point of view, OpenBSD is the safest and most stable operating system on the planet, and from routers to switches to firewalls, the core code is based on the BSD system. I think OpenBSD can be used as a substitute for expensive devices because it saves money, reduces maintenance costs, and implements the protocols in the same or a similar way. This is the advantage of OpenBSD over professional devices. But that does not mean professional routers are not good. Professional routers are specially developed embedded systems, with the parts that are useless for routing removed and the execution efficiency improved. Of course, they are more expensive. Therefore, replacing professional equipment with OpenBSD is undoubtedly the best way to save costs and maintain security. This article does not tell you to discard professional devices immediately, but gives you more room for choice.
5. Let's take a look at how OpenBSD implements these two routing protocols.
1. OpenBGPD, that is, the open-source BGP daemon. On OpenBSD, once started, bgpd automatically splits into three processes: a parent process, a session process, and a route computation process. The parent process runs as root, while the other processes do not.
From this, we can see that the parent process is responsible for communicating with the peer router and for querying and updating the route table, and the session process (SE) is responsible for handling the communication between routers. To update the route table, the information first enters the RDE, the route decision engine, which puts the filtered route computation information into the RIB, the routing information base. bgpctl performs the computation and returns it to the SE process, then to the RDE and parent processes, and a request is sent to the parent process to update the route table. The parent process notifies the SE process to send the updated route table to the adjacent router.
2. OpenOSPFD
OpenOSPFD is similar to OpenBGPD in its system processes.
The process is the same as that of BGP. The only difference is that OSPF sends its updates by flooding.
6. Basic configuration
To do route forwarding, IP forwarding is the most basic requirement. Therefore, you must add the following definition to sysctl.conf:
net.inet.ip.forwarding=1
In addition, you must configure the correct IP address and subnet mask in hostname.em0 and hostname.em1.
1. OpenBGPD
# Global configuration
AS 123
# Equivalent to the Cisco router command: router bgp 123
router-id 192.168.1.1
# Equivalent to bgp router-id 192.168.1.1
# Declaring IP space
network 192.168.1/24
# Neighbor settings
neighbor 192.168.2.1 {
        descr "isp"
        remote-as 124
}
neighbor 192.168.3.1 {
        descr "isp B"
        remote-as 125
        # Peer password
        tcp md5sig password "74 # senEjTYmhQ/f"
}
Edit /etc/rc.conf, find bgpd_flags=NO and change it to bgpd_flags="". In addition, change ospfd_flags=NO to ospfd_flags="" for the OSPF configuration that follows, then save, quit and restart. After the restart, use # bgpctl show to check the status and neighbors of bgpd. Isn't it simple and intuitive? Two neighbors are set here; their remote-as values are 124 and 125, respectively.
# This is the result of querying bgp on my Virtual Machine
# bgpctl show
Neighbor AS MsgRcvd MsgSent OutQ Up/Down State/PrfRcvd
10.2.1.1 65023 0 0 0 Never Active
Template for local p 0 0 0 0 Never Template
Upstream2 65004 0 0 0 Never Active
Upstream 65003 0 0 0 Never Active
Peering AS 65042 0 0 0 0 Never Active
Peering AS 65042 0 0 0 0 Never Active
AS 65001 peer 2 65002 0 0 0 Never Active
AS 65001 peer 1 65002 0 0 0 Never Active
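In the BGP configuration above only the second neighbor carries a peer password. The script below is an added example, not part of the original article: it lists the neighbors in a bgpd.conf that have no tcp md5sig or ipsec statement. It assumes flat neighbor blocks as shown above; the function names and the placeholder password are made up for the example.

```sh
#!/bin/sh
# Added example: list bgpd.conf neighbors that have no session authentication.
# Assumes flat "neighbor <addr> { ... }" blocks as in the configuration above;
# settings inherited from an enclosing group block are not followed.

# Constructed sample: the two neighbors from the article, with a placeholder
# password instead of a real secret.
sample_bgpd_conf() {
    cat <<'EOF'
AS 123
router-id 192.168.1.1
network 192.168.1/24
neighbor 192.168.2.1 {
        descr "isp"
        remote-as 124
}
neighbor 192.168.3.1 {
        descr "isp B"
        remote-as 125
        tcp md5sig password "EXAMPLE#SECRET"
}
EOF
}

# Read bgpd.conf on stdin; print each neighbor whose block contains neither a
# "tcp md5sig" nor an "ipsec" statement.
unauthenticated_neighbors() {
    awk '
        {
            gsub(/"[^"]*"/, "\"\"")   # blank quoted strings: a "#" in a password is not a comment
            sub(/#.*/, "")            # drop comments, so a commented-out password does not count
        }
        $1 == "neighbor" { peer = $2; auth = 0 }
        peer != "" && /tcp[ \t]+md5sig[ \t]+(password|key)|ipsec[ \t]+(ah|esp)/ { auth = 1 }
        peer != "" && /}/ { if (!auth) print peer; peer = "" }
    '
}

sample_bgpd_conf | unauthenticated_neighbors
```

On a real router, feed it the live file: unauthenticated_neighbors < /etc/bgpd.conf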
2. OpenOSPFD
# Global configuration
router-id 0.0.0.2
# Allow route redistribution
redistribute connected
# Region, area. It is hard to understand Cisco.
area 0.0.0.0 {
        auth-type crypt
        auth-md 1 "L & Y6) @ Vc (6I4 = Gq"
        auth-md 2 "IsJ _-LE: al17a"
        auth-md-keyid 1
        # Main link
        interface em1 { metric 10 }
        # Backup link
        interface em0 { metric 100 }
}
The local machine's router ID is 0.0.0.2 and the area is 0.0.0.0. Two NICs connect to the peer end as the main and backup links. We can see that the em1 distance (metric) is 10 and the em0 distance (metric) is 100. Note that the maximum OSPF administrative distance is 110. As a shortest-path protocol, OSPF prefers the link with the smaller metric unless that link is disconnected. Well, it isn't more complicated than Cisco's configuration, is it? In fact, it is very easy to use. In addition, OpenBSD uses pf to filter data packets at the network layer, allowing or rejecting packets from other places, which ensures security. OpenBSD also natively supports VLAN, IPsec, tunnels, carp, and trunk (link aggregation, equivalent to Linux bonding or netgraph in FreeBSD).
pf, short for packet filter, is the packet control tool in OpenBSD. It can filter OSPF and BGP packets as well as other TCP/IP connections, and it is a very powerful firewall. A single OpenBSD machine can provide all the functions of a router and a firewall. OpenBSD can accomplish all of this for no more than 3000, compared to devices costing tens of thousands. Isn't that more attractive than those devices?
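To make the pf filtering of BGP and OSPF concrete, the following added example (not from the original article) reads the neighbors from bgpd.conf and the interfaces from ospfd.conf and prints pf rules that accept BGP only from those neighbors and OSPF only on those interfaces. The function names, the table name bgp_peers and the rule layout are choices made for this example.

```sh
#!/bin/sh
# Added example: derive pf rules from the routing daemons' own configuration,
# so BGP is accepted only from configured neighbors and OSPF only on the
# configured interfaces. Table name and rule layout are choices made here.

# stdin: bgpd.conf  -> neighbor addresses, comma-separated
bgp_peers() {
    awk '$1 == "neighbor" { print $2 }' | paste -s -d ',' -
}

# stdin: ospfd.conf -> interface names, space-separated
ospf_ifs() {
    awk '$1 == "interface" { sub(/[{].*/, "", $2); print $2 }' | paste -s -d ' ' -
}

# $1 = peers from bgp_peers, $2 = interfaces from ospf_ifs; prints pf.conf lines.
routing_pf_rules() {
    if [ -n "$1" ]; then
        printf 'table <bgp_peers> const { %s }\n' "$1"
        # BGP runs over TCP port 179: accept it only from known neighbors.
        printf 'pass in quick proto tcp from <bgp_peers> to self port 179\n'
    fi
    printf 'block in quick proto tcp to self port 179\n'
    if [ -n "$2" ]; then
        # OSPF is its own IP protocol (89): accept it only on routing links.
        printf 'pass in quick on { %s } proto ospf\n' "$2"
    fi
    printf 'block in quick proto ospf\n'
}

# Constructed input matching the article's two configurations.
peers=$(printf 'neighbor 192.168.2.1 {\n}\nneighbor 192.168.3.1 {\n}\n' | bgp_peers)
ifs=$(printf 'area 0.0.0.0 {\ninterface em1 { metric 10 }\ninterface em0 { metric 100 }\n}\n' | ospf_ifs)
routing_pf_rules "$peers" "$ifs"
```

Check the generated rules with pfctl -nf before loading them, and place them ahead of any broader pass rules in pf.conf.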
This article comes from the "practice test truth" blog. Reproduction is declined!