OpenBGPD Config Help
-
Hey everyone, I have been working on getting an OpenBGP + CARP config working, but have been unable to get any input on a config issue, so I have resorted to a work around, but now I'm having another issue. I'm running the latest release, 2.0.2-Release, with the OpenBGPD package installed. I have my config all done (I believe), but it contains to deny rules by default. I thought I would start the service and see if those go away thinking maybe they are there while the service isn't running. Anyway, when I start the service, the GUI flashes the message saying it has been started, but the status never changes. In the system logs I get see this:
Jan 15 10:35:02 bgpd[33739]: Terminating Jan 15 10:35:02 bgpd[33969]: session engine exiting Jan 15 10:35:02 bgpd[33920]: route decision engine exiting Jan 15 10:35:02 bgpd[33739]: config file /var/etc/openbgpd/bgpd.conf has errors, not reloading Jan 15 10:35:02 bgpd[33739]: config file /var/etc/openbgpd/bgpd.conf has errors, not reloading Jan 15 10:35:02 bgpd[33739]: /var/etc/openbgpd/bgpd.conf:18: syntax error Jan 15 10:35:02 bgpd[33739]: /var/etc/openbgpd/bgpd.conf:18: syntax error Jan 15 10:35:02 bgpd[33739]: /var/etc/openbgpd/bgpd.conf:10: syntax error Jan 15 10:35:02 bgpd[33739]: /var/etc/openbgpd/bgpd.conf:10: syntax error Jan 15 10:35:02 bgpd[33969]: session engine ready Jan 15 10:35:02 bgpd[33920]: route decision engine ready Jan 15 10:35:02 bgpd[33969]: no kernel support for PF_KEY Jan 15 10:35:02 bgpd[33969]: no kernel support for PF_KEY Jan 15 10:35:02 bgpd[33739]: startup
My config looks like this:
# This file was created by the package manager. Do not edit! AS ABCD fib-update yes network aa.bb.125.0/24 group "Telus" { remote-as XXX neighbor xx.xx.241.3 { descr "Telus BGP" tcp md5sig password xxxxx announce all } } group "Shaw" { remote-as YYY neighbor yy.yy.127.249 { descr "Shaw BGP" tcp md5sig password xxxxx announce all } } deny from any deny to any allow from xx.xx.241.3 allow to xx.xx.241.3 allow from yy.yy.127.249 allow to yy.yy.127.249
Any help is appreciated. If someone knows if this is not the best place for help, please point me in the right direction. At this point I am willing to ask for some budget to pay for someones time that can help get this working.
Thanks.
Aaron
-
tcp md5sig support isn't available at this time, that's why it fails on those config lines.