OpenBGPD (posted 2015-01-31)
As part of my BGP training course, I explain to the participants that they can get BGP either by buying a router from the likes of Cisco or Juniper, or by running routing software such as Zebra, Quagga or OpenBGPD on a Unix (-like) operating system. Then I always mention that I haven't tried OpenBGPD yet, but I really should.
There's no time like the present, so I decided to take the plunge today.
OpenBGPD is a daemon implementing the BGP protocol that was developed for OpenBSD. So I first tried installing an OpenBSD 5.6 VM, which was pretty painless. Unfortunately, I couldn't get the OpenBSD package manager to install OpenBGPD for me. So I went to www.openbgpd.org (where I borrowed the image above). The latest version of OpenBGPD is 4.6, which is five years old—and it wouldn't compile. I never know whether it's my mediocre Unix skills or an actual show stopping issue in these cases. Update: the mediocre skills. As @tvlooy points out: OpenBGPD is included in the OpenBSD base install.
I then installed a FreeBSD 10 VM, which is also relatively painless but requires a bit more configuration during the installation process. However, FreeBSD has OpenBGPD in its ports system, and it installed from there without issue.
So now for the interesting part: configuring OpenBGPD.
It's really interesting to see a more Unix-like take on running BGP. The de facto standard way to configure and run BGP is the one invented by Cisco: you type configuration commands which are immediately applied to the active configuration. Zebra/Quagga uses the same model, even letting you interact with the daemon using telnet. Juniper, on the other hand, uses a very different model, where you use commands to modify the configuration and then "commit" that configuration (or roll back if necessary, very old school DBMS style).
With OpenBGPD, you simply edit the /usr/local/etc/bgpd.conf file after reading the man page. When you're done, you tell the bgpd to reload the configuration. I like this a lot. Monitoring the state of BGP sessions and the BGP table is done using the bgpctl utility, which lets you run clear and show commands that aren't entirely unfamiliar.
I plan on doing the BGP training course exercises using OpenBGPD myself next week, and see how well everything works in practice. The filtering/policy system seems to be inspired by the PF firewall with its insane "the last match is the one that counts" system, and the link between a filter rule and a neighbor is much less direct than with other systems. But I'm trying to keep an open mind.
OpenBGPD looks fairly mature from what I've seen so far, with one small but annoying omission: although you can configure 32-bit AS numbers in both ASDOT and ASPLAIN formats in the configuration file, bgpctl only shows them in ASDOT format. That means that if you have a BGP session with DE-CIX which has AS 196610, bgpctl will show that session as being towards AS 3.2. I.e., ASDOT notation is two 16-bit numbers separated by a dot (3.2) while ASPLAIN is simply a 32-bit number in decimal (196610). ASDOT was in vogue for a while when 32-bit AS numbers were introduced, but quickly fell out of favor as people realized that making regular expressions that match AS numbers with a dot in them would be very annoying. There's even a three-page RFC explaining all of this.