On 2014/04/30 15:51, Andy wrote: > Hi sorry to reply with a stupid question but I get this error; > > [LIVE]root@mg1311:~# pkg_add -i symon > symon-2.86p0:libart-2.3.21: ok > symon-2.86p0:png-1.6.2p0: ok > Can't install rrdtool-1.2.30p3 because of libraries > |library freetype.20.0 not found > | not found anywhere > Direct dependencies for rrdtool-1.2.30p3 resolve to png-1.6.2p0 > libart-2.3.21 > Full dependency tree is png-1.6.2p0 libart-2.3.21 > Can't install symon-2.86p0: can't resolve rrdtool-1.2.30p3 > > I've come across this issue of missing freetype in the OpenBSD sources > before in older versions.
Install xbase - see http://www.openbsd.org/faq/faq4.html#AddFileSet and note the ldconfig step. Alternatively any other way to grab process information would do - even as simple as running 'ps -axlww | grep [b]gpd.*route | logger' (if it's like I've seen, you'll probably want this every 15 seconds or so to actually catch it .. symon normally records every 5 seconds) > Anyway, I think you could be on the money as every time this has happened, > it always happens just after seeing the message nexthop now valid. > > We don't use nexthop-self on our cisco routers which are connected to > Transits and IXPs. > At the moment the OpenBSD routers only have iBGP neighborships with two > cisco ABR routers (no eBGP transit or IXP connections, just internal AS). > Thus the BGP nexthop networks (transit and IXP links) are redistributed to > the internal OpenBSD routers by IGP (OSPF) to validate the BGP nexthops and > provide BGP prefix independent convergence. > > In most cases as far as I can remember, the penultimate message before the > crash is the CARP partner's nexthop becoming valid. > > Just to throw the question out there. iBGP should always be a full mesh (or > use RRs etc), and so we run iBGP from both of the OpenBSD firewalls to every > other router, and I also run iBGP between the CARP pair themselves too. Is > the iBGP between the CARP pair really needed?? > I'd imagine not as they are always active-backup and one should not be > handing packets to the other etc.. (we only direct packets to the CARP > addresses as they are running as both stateful firewalls *and* stateless > routers, hence other posts here regarding trying to set the nexthop on BGP > announcements to the CARP IPs). It shouldn't be needed unless you are also carrying internal routes (i.e. networks behind the firewalls) in BGP.