12.07.2015 Views


Network Configuration—Routing and Bridging

OpenBGPD supports TCP MD5 signatures (RFC 2385), which some peers require in order to avoid session spoofing.

To use this feature, your network stack must support it. You need to reconfigure your system kernel to enable TCP MD5 signature capabilities. The following lines should be added to your kernel configuration file before the kernel is compiled:

    device      crypto
    options     IPSEC
    options     TCP_SIGNATURE

The BGP protocol assumes that the peering routers are connected directly, with no intermediate hops (layer 3 network nodes) between them. However, this assumption is not always correct, and in certain cases the BGP-speaking routers may be multiple hops away from each other. This can be handled by enabling EBGP multi-hop on this peer. The multihop keyword defines the maximum number of hops between these peers (in this case, 5).

Please see the bgpd.conf(5) manual page for the complete set of configuration options.

The following line should be added to /etc/rc.conf to start bgpd automatically at boot:

    openbgpd_enable="YES"

You can also start the OpenBGP daemon manually by running its rc script:

    # /usr/local/etc/rc.d/openbgpd start

Once the daemon is running, you can control its behavior using the bgpctl(8) utility. This utility provides a few commands that display the current status of bgpd and modify its parameters on the fly.

The five main commands of bgpctl include:

• reload: This command forces the daemon to reload the configuration file.
• show: This command displays various information about the daemon.
• fib: This command manipulates the FIB (Forwarding Information Base), which is actually the kernel's routing table.
• neighbor: This command manipulates per-neighbor peering.
• network: This command manipulates advertised network prefixes.
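As an added example (not from the book), the following shell functions check the prerequisites described above before bgpd is started: if bgpd.conf contains a "tcp md5sig" statement (the neighbor option documented in bgpd.conf(5)), the kernel configuration file must carry the three lines listed, and rc.conf must enable the daemon. The function names and the file paths passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the book): pre-flight check for the setup above.
# All file paths are supplied by the caller.

# Succeeds if KERNCONF ($1) contains the three kernel lines the text lists.
kernel_has_tcpmd5() {
    conf=$1
    for want in 'device crypto' 'options IPSEC' 'options TCP_SIGNATURE'; do
        set -- $want    # split into keyword ($1) and value ($2)
        sed 's/#.*//' "$conf" |
            grep -Eq "^[[:space:]]*$1[[:space:]]+$2[[:space:]]*\$" || {
            echo "kernel config lacks: $want" >&2
            return 1
        }
    done
}

# Prints how many "tcp md5sig" statements BGPDCONF ($1) contains.
md5_count() {
    sed 's/#.*//' "$1" |
        grep -Ec '^[[:space:]]*tcp[[:space:]]+md5sig[[:space:]]' || true
}

# Succeeds if RCCONF ($1) enables the daemon at boot.
rc_enabled() {
    sed 's/#.*//' "$1" |
        grep -Eq '^[[:space:]]*openbgpd_enable="?[Yy][Ee][Ss]"?[[:space:]]*$'
}

# preflight KERNCONF BGPDCONF RCCONF
# The kernel options are only required when a neighbor uses tcp md5sig.
preflight() {
    rc=0
    if [ "$(md5_count "$2")" -gt 0 ]; then
        kernel_has_tcpmd5 "$1" || rc=1
    fi
    rc_enabled "$3" || { echo "openbgpd_enable is not YES in $3" >&2; rc=1; }
    return "$rc"
}

# Run the check when the three paths are given on the command line.
if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

The check reads the kernel configuration file, not the running kernel, so it is meant to be run before the kernel is compiled and installed.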
