OpenBGPD Config Help



  • Hey everyone, I have been working on getting an OpenBGP + CARP config working, but have been unable to get any input on a config issue, so I have resorted to a work around, but now I'm having another issue.  I'm running the latest release, 2.0.2-Release, with the OpenBGPD package installed.  I have my config all done (I believe), but it contains to deny rules by default.  I thought I would start the service and see if those go away thinking maybe they are there while the service isn't running.  Anyway, when I start the service, the GUI flashes the message saying it has been started, but the status never changes.  In the system logs I get see this:

    Jan 15 10:35:02	bgpd[33739]: Terminating
    Jan 15 10:35:02	bgpd[33969]: session engine exiting
    Jan 15 10:35:02	bgpd[33920]: route decision engine exiting
    Jan 15 10:35:02	bgpd[33739]: config file /var/etc/openbgpd/bgpd.conf has errors, not reloading
    Jan 15 10:35:02	bgpd[33739]: config file /var/etc/openbgpd/bgpd.conf has errors, not reloading
    Jan 15 10:35:02	bgpd[33739]: /var/etc/openbgpd/bgpd.conf:18: syntax error
    Jan 15 10:35:02	bgpd[33739]: /var/etc/openbgpd/bgpd.conf:18: syntax error
    Jan 15 10:35:02	bgpd[33739]: /var/etc/openbgpd/bgpd.conf:10: syntax error
    Jan 15 10:35:02	bgpd[33739]: /var/etc/openbgpd/bgpd.conf:10: syntax error
    Jan 15 10:35:02	bgpd[33969]: session engine ready
    Jan 15 10:35:02	bgpd[33920]: route decision engine ready
    Jan 15 10:35:02	bgpd[33969]: no kernel support for PF_KEY
    Jan 15 10:35:02	bgpd[33969]: no kernel support for PF_KEY
    Jan 15 10:35:02	bgpd[33739]: startup
    

    My config looks like this:

    # This file was created by the package manager.  Do not edit!
    
    AS ABCD
    fib-update yes
    network aa.bb.125.0/24
    group "Telus" {
    	remote-as XXX
    		neighbor xx.xx.241.3 {
        	 descr "Telus BGP"
    		tcp md5sig password xxxxx
    		announce all  
    }
    }
    group "Shaw" {
    	remote-as YYY
    		neighbor yy.yy.127.249 {
        	 descr "Shaw BGP"
    		tcp md5sig password xxxxx
    		announce all  
    }
    }
    deny from any
    deny to any
    allow from xx.xx.241.3
    allow to xx.xx.241.3
    allow from yy.yy.127.249
    allow to yy.yy.127.249
    
    

    Any help is appreciated.  If someone knows if this is not the best place for help, please point me in the right direction.  At this point I am willing to ask for some budget to pay for someones time that can help get this working.

    Thanks.

    Aaron



  • tcp md5sig support isn't available at this time, that's why it fails on those config lines.


Locked