Hi list,

I've read through the docs and Claudio's guide, but something isn't
clear to me I'm hoping to get some direction on:

I am about to multihome. My uplinks to my ISPs terminate on different
OpenBSD routers. The class C network behind them includes one internal
OpenBSD gateway performing NAT for connections leaving the internal
private network.

My understanding is that I would configure OpenBGPD on the two border
routers with iBGP between them, like this:

/etc/bgpd.conf

# Global Config
AS MyASN
router-id 1.2.3.4

# Announce Our Network Space
network 1.2.3/24

# Neighbor Config
neighbor 9.8.7.6 {
        descr "My ISP 1"
        remote-as TheirASN
}

# iBGP
group IBGP {
        remote-as MyASN
        neighbor 1.2.3.5 {
                descr "MyOtherBorderGateway"
        }
}

...Essentially, since no host in my public network would be aware of
which border gateway to leave through, I need an IGP such as OpenOSPFD
as well. Something like this on the border gateways:

/etc/ospfd.conf

# Global Config
router-id 0.0.0.1
redistribute connected

# Areas
area 0.0.0.0 {
        auth-type crypt
        auth-md 1 "SomePW"
        auth-md 2 "SomeDifferentPW"
        auth-md-keyid 1

        # Main Link (DMZ)
        interface em1
}

...and then something like this on all hosts on my public network,
including the NAT firewall:

/etc/ospfd.conf

# Global Config
router-id 0.0.0.3

# Areas
area 0.0.0.0 {
        auth-type crypt
        auth-md 1 "SomePW"
        auth-md 2 "SomeDifferentPW"
        auth-md-keyid 1

        # Main Link (DMZ)
        interface em1
}

My questions are:

1) Claudio's guide suggests to me that iBGP needs to be run on the NAT
firewall as well, but I don't understand *why* that would be necessary
and I think I'm misreading it. Clarification please?

2) Do I really want "redistribute connected" in the ospfd.conf on the
border routers, or "redistribute default"?

Thanks for any insight,
-John