carp and squid
Hi, does 2 nodes clustered openbsd firewall work with squid ? is there any specific configuration ?
Re: carp and squid
On Wed, Dec 21, 2016 at 12:41:43PM +0100, Frank White wrote: > Hi, does 2 nodes clustered openbsd firewall work with squid ? > is there any specific configuration ? If squid on each node would have its own cache dir, ie. not sharing data, then pointing your clients to squid hostname linked to CARP IP should work, shouldn't it? If squid daemons on both nodes would share cache dir, then you should somehow prevent "failed" node not to continue to mess with storage. Typical solution is STONITH (shoot the other node in the head - ie. power fencing). Then you could maybe use ifstated to monitor CARP interface and start squid daemon if CARP IP is local. I would be also interested in solutions used by various OpenBSD users. j.
Re: spamd and network whitelisting
Op Tue, 20 Dec 2016 12:51:19 +0100 schreef Clint Pachl : Devin Reade wrote on 12/19/16 12:59: With respect to dealing with SPF, the simple solution (permitting an IP if it is on the sending domain's SPF list) doesn't work too well in the general case since it appears many spammers publish SPF records. You're right. When I ran ruby-spf against the the TRAPPED IPs in my spamdb, a surprising number passed SPF (like 15%). On the other hand, one of the popular email domains from our customer DB is @att.net, which doesn't even publish SPF. After some real life testing against our client email DB, I determined SPF was not effective in filtering spam for us. If it is used, it should be a small factor at best. SPF was never meant for making accept/reject decisions on arbitrary domains. If you don't trust the sending domain, then SPF evaluation is pointless. -- Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/
wsmoused conflicts with xorg on 6.0 Supermicro PDSMI+ fresh install
Hello, on this Supermicro PDSMI+ board (latest bios) it looks like that activating wsmoused (both plain and with -2 flag) disables pointer control under Xorg i.e. mouse works correctly in CLI but not in X. Running "wsmoused -f -d" reports no output, both when moving/clicking in CLI and X. Any clues? Thanks Dmesg follows: OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4277010432 (4078MB) avail mem = 4142915584 (3950MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.51 @ 0xdfeea000 (31 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 03/05/2008 bios0: Supermicro PDSMi acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP MCFG APIC BOOT ASF! SSDT acpi0: wakeup devices DEV1(S5) EXP1(S5) PXHA(S5) EXP5(S5) EXP6(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) USB1(S4) USB2(S4) USB3(S4) USB4(S4) EUSB(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xf000, bus 0-14 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.40 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu0: 4MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 266MHz cpu0: mwait min=64, max=64, C-substates=0.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu1: 4MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu2: 4MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Xeon(R) CPU X3230 @ 2.66GHz, 2660.01 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR cpu3: 4MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic1 at mainbus0: apid 5 pa 0xfec1, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (DEV1) acpiprt2 at acpi0: bus 9 (EXP1) acpiprt3 at acpi0: bus 10 (PXHA) acpiprt4 at acpi0: bus 13 (EXP5) acpiprt5 at acpi0: bus 14 (EXP6) acpiprt6 at acpi0: bus 15 (PCIB) acpicpu0 at acpi0: C1(@1 halt!), PSS acpicpu1 at acpi0: C1(@1 halt!), PSS acpicpu2 at acpi0: C1(@1 halt!), PSS acpicpu3 at acpi0: C1(@1 halt!), PSS "PNP0A05" at acpi0 not configured "PNP0303" at acpi0 not configured "PNP0F13" at acpi0 not configured "PNP0501" at acpi0 not configured "PNP0700" at acpi0 not configured acpibtn0 at acpi0: PWRB ipmi at mainbus0 not configured cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2400, 2133, 1867, 1600 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel E7230 Host" rev 0xc0 ppb0 at pci0 dev 1 function 0 "Intel E7230 PCIE" rev 0xc0: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi pci2 at ppb1 bus 9 ppb2 at pci2 dev 0 function 0 "Intel 6702PXH PCIE-PCIX" rev 0x09 pci3 at ppb2 bus 10 "Intel IOxAPIC" rev 0x09 at pci2 dev 0 function 1 not configured ppb3 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi pci4 at ppb3 bus 13 em0 at pci4 dev 0 function 0 "Intel 82573E" rev 0x03: msi, address 00:30:48:9b:af:a6 ppb4 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi pci5 at ppb4 bus 14 em1 at pci5 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address 00:30:48:9b:af:a7 uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 4 int 23 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 4 int 19 uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 4 int 18 uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 4 int 16 ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 4 int 23 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1 pci6 at ppb5 bus 15 radeondrm0 at pci6 dev 0 function 0 "ATI ES1000" rev 0x02 drm0 at radeondrm0 radeondrm0: apic 4 int 1
Re: Hardware recommendations for compact 1U firewall
Hrvoje Popovski wrote: > > On 15.12.2016. 12:30, Stuart Henderson wrote: > > If you want to cut down on weight+noise at the expense of more cost > > and a less powerful cpu, maybe APU2 in a 1U case or something like > > supermicro SYS-5018A-FTN4. > > has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat > > thank you ... As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for SYS-5018A-FTN4 OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016 r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP real mem = 34314604544 (32724MB) avail mem = 33270165504 (31728MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries) bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015 bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server acpi0 at bios0: rev 2 acpi0: sleep states S0 S5 acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST EINJ acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 8 (application processor) cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu4: 1MB 64b/line 16-way L2 cache cpu4: smt 0, core 4, package 0 cpu5 at mainbus0: apid 10 (application processor) cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu5: 1MB 64b/line 16-way L2 cache cpu5: smt 0, core 5, package 0 cpu6 at mainbus0: apid 12 (application processor) cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT cpu6: 1MB 64b/line 16-way L2 cache cpu6: smt 0, core 6, package 0 cpu7 at mainbus0: apid 14 (application processor) cpu7: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz cpu7: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,LONG,
Re: Hardware recommendations for compact 1U firewall
As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for SYS-5018A-FTN4 FWIW, we have six of these doing firewall duty (currently running 5.9) and they perform flawlessly. We run them in CARPed pairs, and LACP across redundant switches. --lyndon
Re: Hardware recommendations for compact 1U firewall
Thanks for all of your suggestions, though some may have missed the bit where I said "on a limited budget" :) Torn between a Barracuda web filter or a Portwell CAR 3000. The latter is more expensive but supports 10Gbit, whereas the Barracuda may only have 10/100. Both Core2Duo based, could probably upgrade to a Core2Quad or a Xeon with a 771->775 adapter. On Thu, Dec 22, 2016 at 12:17 PM, Predrag Punosevac wrote: > Hrvoje Popovski wrote: >> >> On 15.12.2016. 12:30, Stuart Henderson wrote: >> > If you want to cut down on weight+noise at the expense of more cost >> > and a less powerful cpu, maybe APU2 in a 1U case or something like >> > supermicro SYS-5018A-FTN4. >> >> has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat >> >> thank you ... > > As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for > SYS-5018A-FTN4 > > > OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016 > r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch /amd64/compile/GENERIC.MP > real mem = 34314604544 (32724MB) > avail mem = 33270165504 (31728MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7f4d8000 (53 entries) > bios0: vendor American Megatrends Inc. version "1.1a" date 08/27/2015 > bios0: Silicon Mechanics CSTM: CMU - 1U Atom Server > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S5 > acpi0: tables DSDT FACP FPDT FIDT SPMI MCFG WDAT UEFI APIC BDAT HPET SSDT HEST BERT ERST EINJ > acpi0: wakeup devices PEX1(S0) PEX2(S0) PEX3(S0) PEX4(S0) EHC1(S0) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimcfg0 at acpi0 addr 0xe000, bus 0-255 > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.46 MHz > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu0: 1MB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 100MHz > cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu1: 1MB 64b/line 16-way L2 cache > cpu1: smt 0, core 1, package 0 > cpu2 at mainbus0: apid 4 (application processor) > cpu2: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu2: 1MB 64b/line 16-way L2 cache > cpu2: smt 0, core 2, package 0 > cpu3 at mainbus0: apid 6 (application processor) > cpu3: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu3: 1MB 64b/line 16-way L2 cache > cpu3: smt 0, core 3, package 0 > cpu4 at mainbus0: apid 8 (application processor) > cpu4: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu4: 1MB 64b/line 16-way L2 cache > cpu4: smt 0, core 4, package 0 > cpu5 at mainbus0: apid 10 (application processor) > cpu5: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu5: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND, NXE,LONG,LAHF,3DNOWP,PERF,ITSC,SMEP,ERMS,SENSOR,ARAT > cpu5: 1MB 64b/line 16-way L2 cache > cpu5: smt 0, core 5, package 0 > cpu6 at mainbus0: apid 12 (application processor) > cpu6: Intel(R) Atom(TM) CPU C2758 @ 2.40GHz, 2400.01 MHz > cpu6: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
Announcing learned iBGP route to eBGP peer
I have an iBGP learned route that Iâm trying to advertise to an eBGP peer in
OpenBGPD. I set up announce all, but my neighbor does not see the route. If
I do an explicit network statement my peer obviously sees the route, but I
want it to advertise the learned route instead.
Here is my bgpd.conf and output of the rib:
AS 24
nexthop qualify via default
neighbor 2001:ABCD:::1 {
remote-as 64515
local-address 2001:ABCD:ac01:294:5400:ff:fe48:dd09
multihop 2
tcp md5sig password XXX
announce all
}
neighbor 2a06:DCBA:20f0::1 {
remote-as 24
local-address 2a06:DCBA:20f0::2
}
deny to 2001:ABCD:::1
allow to 2001:ABCD:::1 prefix 2a06:DCBA:2000::/40
deny from any prefix ::/0 prefixlen = 0
# bgpctl show rib | grep 2a06:DCBA:2000::/40
I*> 2a06:DCBA:2000::/40 2a06:DCBA:20f0::1 100 0 24 24 24 i
Note that the route shows up as I*>, instead of IA*>, so it is not getting
announced. I mocked this up in my Cisco lab, and the iBGP route gets
advertised automatically.
Thanks,
Mattias Lindgren
--
Mattias Lindgren
