BGPD filter issue?

2008-02-03 Thread Jon Morby 

I believe I've stumbled across an issue with filters in -current

This seems to have only bitten since updating from 4.2 release to - 
current anyway ...



80.252.124.20 is in group "switches"

yet ...

[EMAIL PROTECTED] bgpctl sh rib nei 80.252.124.20 out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
[EMAIL PROTECTED] bgpctl sh rib nei 80.252.124.20 out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>192.88.83.0/24  80.252.125.2   200 0 9179 i
*>193.195.141.0/2480.252.125.2   200 0 9179 i
*>213.170.0.0/19  80.252.125.2   200 0 9179 i

from bgpd.conf

my_nets = "{ 80.252.112.0/20, 84.246.192.0/21, 194.70.36.0/24 }"
allow to group switches community 8282:400
allow to group switches prefix $my_nets

bgpd -nv reports (abbreviated, full details available if necessary)

allow to group "switches" community 8282:400
allow to group "switches" prefix 194.70.36.0/24
allow to group "switches" prefix 84.246.192.0/21
allow to group "switches" prefix 80.252.112.0/20


[EMAIL PROTECTED] bgpctl sh rib community 8282:400
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
I*>   193.25.188.0/23 84.246.195.68  200 0 8276 3 i
I*>   194.116.160.0/2384.246.195.68  200 0 8276 i
*>213.170.0.0/19  80.252.125.2   200 0 9179 i
*>193.195.141.0/2480.252.125.2   200 0 9179 i
*>192.88.83.0/24  80.252.125.2   200 0 9179 i
I*213.170.0.0/19  80.252.125.2   200 0 9179 i
I*193.195.141.0/2480.252.125.2   200 0 9179 i
I*192.88.83.0/24  80.252.125.2   200 0 9179 i

a) I would expect to see "my nets" in the exports, and b) I would  
expect to see the whole of 8282:400 and not just a fraction


The receiving end seems to match what is being exported

core-2-b1#sh ip bg neighbors 80.252.124.2 received-routes
BGP table version is 1823, local router ID is 194.70.36.252
Status codes: s suppressed, d damped, h history, * valid, > best, i -  
internal,

  r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network  Next HopMetric LocPrf Weight Path
* i192.88.83.0  80.252.124.2  200  0 9179 i
* i193.195.141.080.252.124.2  200  0 9179 i
* i213.170.0.0/19   80.252.124.2  200  0 9179 i

Total number of prefixes 3

Re: bgpd and multihop

2007-06-29 Thread Jon Morby 

On 29 Jun 2007, at 11:12, Stuart Henderson wrote:





I know ... whether it's just something that has now cropped up  
because it's
the first time these several of these boxes have been rebooted in  
months ...


The addition of nexthop qualify via bgp seems to have overcome  
things ..
however the next hops should be learnt by ospf and are reachable  
(otherwise

the bgp sessions wouldn't actually be up, which they are)


Are the nexthops in subnets where you receive the same exact prefixes
by both BGP and OSPF? I have found ospfd sometimes doesn't overwrite
routes installed by bgpd. That's not new though..


Yup .. most likely ...

certainly qualifying via bgp seems to have solved things for the time  
being

Re: bgpd and multihop

2007-06-29 Thread Jon Morby 

On 29 Jun 2007, at 08:47, Henning Brauer wrote:


* Jon Morby <[EMAIL PROTECTED]> [2007-06-29 02:56]:

I've just updated one of our routers from an end of May snapshot to a
Jun 28th snapshot and have noticed that we seem to be having problems
with our multihop sessions since the upgrade.


errr... I'm inlcined to say "impossible", since there weren't many
changes at all in bgpd since then, and nothing that remotely touches
nexthop verification. check your routes, something must be different.
bgpctl sh nex on both machines might give insight



I know ... whether it's just something that has now cropped up  
because it's the first time these several of these boxes have been  
rebooted in months ...


The addition of nexthop qualify via bgp seems to have overcome  
things .. however the next hops should be learnt by ospf and are  
reachable (otherwise the bgp sessions wouldn't actually be up, which  
they are)




Regards,
Jon Morby
FidoNet Registration Services Ltd


web: www.fido.net
tel: +44 (0) 845 004 3050
fax: +44 (0) 845 004 3051

bgpd and multihop

2007-06-28 Thread Jon Morby 
I've just updated one of our routers from an end of May snapshot to a  
Jun 28th snapshot and have noticed that we seem to be having problems  
with our multihop sessions since the upgrade.


[EMAIL PROTECTED] bgpctl -n s rib 80.252.127.0/24
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
I 80.252.127.0/24 84.246.195.116 200 0 65123 i
  80.252.127.0/24 84.246.195.116 200 0 65123 i

[EMAIL PROTECTED] bgpctl -n s rib det 80.252.127.0/24

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via ?) from 80.252.124.1 (80.252.124.1)
Origin IGP, metric 0, localpref 200, internal
Last update: 00:19:45 ago
Community: 8282:200 8282:400 NO_EXPORT

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via ?) from 84.246.195.116 (84.246.195.116)
Origin IGP, metric 0, localpref 200, external
Last update: 00:20:10 ago
Community: 8282:400 NO_EXPORT

where as on our older "trusty" box

[EMAIL PROTECTED] bgpctl -n s rib 80.252.127.0/24
flags: * = Valid, > = Selected, I = via IBGP, A = Announced
origin: i = IGP, e = EGP, ? = Incomplete

flags destination gateway  lpref   med aspath origin
*>80.252.127.0/24 84.246.195.116 200 0 65123 i

[EMAIL PROTECTED] bgpctl -n s rib det 80.252.127.0/24

BGP routing table entry for 80.252.127.0/24
65123
Nexthop 84.246.195.116 (via 80.252.119.2) from 84.246.195.116  
(84.246.195.116)

Origin IGP, metric 0, localpref 200, external, valid, best
Last update: 5d21h14m ago
Community: 8282:400 NO_EXPORT


--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: FYI: fixed in -current (Was: openbgp not exporting ipv6 to routing tables)

2007-06-18 Thread Jon Morby 

On 5 Jun 2007, at 08:42, OndEej SurC= wrote:


Henning Brauer pm9e v So 21. 04. 2007 v 15:38 +0200:

* Ond??ej Sur?? <[EMAIL PROTECTED]> [2007-04-21 14:58]:

Hi,

Jon Morby pm9e v So 21. 04. 2007 v 12:13 +0100:

Not sure if you're still trying to fix this, or if you're
sorted 
but if you're still having problems

What does your filters section look like ?


It's very simple now - none.  But filters just modify prefixes
accepted
and not coupling.  I do receive IPv6 prefixes they are just not
coupled
into kernel.


i guess there is some bug.
since i have no v6 here it is a bit hard to reproduce and fix


Just FYI.  I prepared -current for testing and found out, that IPv6
works just fine on current -current :-).  However it's broken in
4.1 due
bug in setting IPv6 options which I found fix for in some list.



Ondrej

I've been having similar problems here, however updating to the
latest June snapshot (17th) hasn't fixed things for me. (although I
have now overcome the regular kernel panic I was seeing which was
apparently caused by a corrupted disklabel on wd0)

Whilst I receive the prefixes via iBGP on our internal routers, the
routes are not inserted into the fib ... however they are when
received by eBGP and are in the rib

[EMAIL PROTECTED] uname -a
OpenBSD l2-c1.access.fido.net 4.1 GENERIC#1118 amd64
[EMAIL PROTECTED] bgpctl s rib det  2001:610::/32

BGP routing table entry for 2001:610::/32
3257 1103
Nexthop 2a01:2c0::3 (via 2a01:2c0::3) from 2a01:2c0::3
(80.252.124.3)
Origin IGP, metric 14, localpref 100, internal, valid, best
Last update: 02:16:50 ago
Community: 8282:602 8282:600 3257:3370 3257:3371 3257:5031

[EMAIL PROTECTED] route -n get -inet6 2001:610::1
route: writing to routing socket: No such process

[EMAIL PROTECTED] bgpctl sh fib 2001:610::1
flags: * = valid, B = BGP, C = Connected, S = Static
   N = BGP Nexthop reachable via this route
   r = reject route, b = blackhole route

flags destination  gateway
*B2001:610::/322a01:2c0::3

[EMAIL PROTECTED] route -n get -inet6 2a01:2c0::3
   route to: 2a01:2c0::3
destination: 2a01:2c0::3
  interface: vlan544
 if address: fe80::230:48ff:fe88:9348%vlan544
  flags: 
 use  hopcount   mtuexpire
 720 0 0 0

[EMAIL PROTECTED] ping6 2a01:2c0::3
PING6(56=40+8+8 bytes) 2a01:2c0::2 --> 2a01:2c0::3
16 bytes from 2a01:2c0::3, icmp_seq=0 hlim=64 time=0.371 ms
16 bytes from 2a01:2c0::3, icmp_seq=1 hlim=64 time=0.341 ms
^C
--- 2a01:2c0::3 ping6 statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.341/0.356/0.371/0.015 ms

whilst on our border (June 9th sources)

[EMAIL PROTECTED] bgpctl s rib det  2001:610::/32

BGP routing table entry for 2001:610::/32
3257 1103
Nexthop 2001:7f8:2:1::3 (via 2001:7f8:2:1::3) from Tiscali
(213.200.87.23)
Origin IGP, metric 14, localpref 100, external, valid, best
Last update: 6d09h17m ago
Community: 8282:600 3257:3370 3257:3371 3257:5031

BGP routing table entry for 2001:610::/32
1752 1299 20965 1103
Nexthop 2001:7f8:2:1::1 (via 2001:7f8:2:1::1) from BT Exact
(213.121.24.91)
Origin IGP, metric 0, localpref 100, external, valid
Last update: 6d09h17m ago
Community: 8282:600

BGP routing table entry for 2001:610::/32
3344 30071 3549 1103
Nexthop 2001:7f8:5::6334:2 (via 2001:7f8:5::6334:2) from Kewlio
(85.116.0.23)
Origin IGP, metric 0, localpref 100, external, valid
Last update: 3d23h31m ago
Community: 8282:600 3344:63300 30071:57052

[EMAIL PROTECTED] route -n get -inet6 2001:610::1
   route to: 2001:610::1
destination: 2001:610::
   mask: :::
gateway: 2001:7f8:2:1::3
  interface: vlan303
 if address: 2001:7f8:2:1::21
  flags: 
 use  hopcount   mtuexpire
   0 0 0 0

and one of our downstream test boxes in AS65123

[EMAIL PROTECTED] bgpctl s rib det  2001:610::/32

BGP routing table entry for 2001:610::/32
8282 3257 1103
Nexthop 2a01:2c0:a0:1::1 (via 2a01:2c0:a0:1::1) from
2a01:2c0:a0:1::1 (80.252.124.3)
Origin IGP, metric 0, localpref 100, external, valid, best
Last update: 3d06h08m ago
Community: 65123:601 8282:600 3257:3370 3257:3371 3257:5031

[EMAIL PROTECTED] route -n get -inet6 2001:610::1
   route to: 2001:610::1
destination: 2001:610::
   mask: :::
gateway: 2a01:2c0:a0:1::1
  interface: gif0
 if address: 2a01:2c0:a0:1::2
  flags: 
 use  hopcount   mtuexpire
   0 0 0 0

So clients of l3 via eBGP seem ok, but clients in the same AS/iBGP
cloud don't seem to insert the routes

Does anyone else see this ... is it just something stupid I'm doing
in my filters (which are I though fairly basic) or is it a bug in bgpd?

filters on l2-c1 are basically

allow from any inet6
match to group "internalv6" set { nexthop self }

bgpd: update errors

2007-05-27 Thread Jon Morby 
Apologies for being quiet the last few weeks, I've been away and only  
just got back to the grind stone


I performed a cvs sync last night and have now rebuilt our lab router  
and 2 of our border routers to the latest cvs snapshot.


All seemed to be working well with the lab talking to the borders  
before the roll out .. and the borders are talking to each other fine  
since the roll out, however the lab router talking to our borders is  
now failing with v4 although v6 routes are being received.


May 27 12:47:10 l3-c1 bgpd[14258]: neighbor 84.246.195.116 (PI -  
hostnic): received notification: error in UPDATE message, attribute  
length wrong


84.246.195.116 is AS65123

and on the borders we have

match from any source-as 65123 set community NO_EXPORT

This was working with the March/April snapshots .. I haven't made any  
configuration changes beyond updating to -current source and rebuilding.


What do you need debug wise?

[EMAIL PROTECTED] bgpctl -n s | grep 65123
84.246.195.116   65123 63 198657 0 00:12:27 Idle
2a01:2c0:a0:1::2 65123 214786   7197 0 00:19:09  1


[EMAIL PROTECTED] bgpctl s
Neighbor AS   MsgRcvdMsgSentOutQ  Up/Down   
State/PrfRcvd
2a01:2c0:a0:1::1 8282736  15986 0 00:10:41 
803
80.252.124.3 8282  18310 14 0 00:04:01  
Active
80.252.124.2 8282  0  6 0 Never 
Active
80.252.124.1 8282  0  6 0 Never 
Active



Regards,
Jon Morby
FidoNet Registration Services Ltd


web: www.fido.net
tel: +44 (0) 845 004 3050
fax: +44 (0) 845 004 3051

Re: openbgp not exporing ipv6 to routing tables

2007-05-02 Thread Jon Morby 
On 21 Apr 2007, at 14:38, Henning Brauer wrote:

> * Ond??ej Sur?? <[EMAIL PROTECTED]> [2007-04-21 14:58]:
>> Hi,
>>
>> Jon Morby pm9e v So 21. 04. 2007 v 12:13 +0100:
>>> Not sure if you're still trying to fix this, or if you're  
>>> sorted 
>>> but if you're still having problems
>>>
>>> What does your filters section look like ?
>>
>> It's very simple now - none.  But filters just modify prefixes  
>> accepted
>> and not coupling.  I do receive IPv6 prefixes they are just not  
>> coupled
>> into kernel.
>
> i guess there is some bug.
> since i have no v6 here it is a bit hard to reproduce and fix
>

I must admit I'm starting to notice some weirdness  mostly  
anecdotal at this stage, however it seems that

with "announce IPv4 none" but a "global" filter allowing export of v4  
prefixes we're still announcing / saying we have v4 addresses - we're  
finding some peers rejecting sessions from us when we have "announce  
all" and "allow to any community :yyyy"

I'm trying to throw enough hardware into a pool to be able to test  
this in more detail.  You're welcome to accounts on them if necessary  
for testing / etc if it will help ?


-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: OSPF and IPv6

2007-05-02 Thread Jon Morby 
On 1 Mar 2007, at 07:13, Esben Norby wrote:

> On Wednesday 28 February 2007 14:58:49 Jon Morby wrote:
>> Unless I'm missing something OpenOSPFD doesn't currently seem to
>> support IPv6 ?
>
> IPv6 is not supported currently, and I think it will be a while  
> before that
> happens.
>
> /Esben
>


What would it take to get this feature bumped up the queue?

I'm trying to resist going back to Quagga ... I really don't want to  
have to do it, but we need dynamic routing which encompasses IPv6  
support :(



-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: bgpd crash

2007-04-30 Thread Jon Morby 

On 30 Apr 2007, at 10:51, Claudio Jeker wrote:


On Sun, Apr 29, 2007 at 04:39:07AM +0100, Jon Morby wrote:

I've updated to the latest snapshot and am seeing the following from
bgpd

Apr 29 03:35:18 l3-c1 bgpd[28142]: fatal in RDE: aspath_count:  
bula bula

Apr 29 03:35:18 l3-c1 bgpd[30043]: Lost child: route decision engine
exited
Apr 29 03:35:18 l3-c1 bgpd[765]: fatal in SE: pipe write error:
Broken pipe

As far as I can tell there have been no major changes to bgpd.conf in
between upgrades

Any ideas?



The latest snapshot has the preliminary 4-byte AS support in it. I  
guess
you triggered a not yet known bug. Can you isolate the case when  
this is
happening? e.g during startup or if a specific neighbor session is  
brought

up.


I reverted the 4-byte patches and we haven't seen a crash since so it  
does seem to be the 4-byte patch that is at issue.


I had the snapshot running on 2 routers which were talking to each  
other as part of our ibgp mesh.  The fault only appeared on one of  
the two routers .. this box happened to have a number of IPv6  
configurations/peering sessions.


I tried disabling the IPv6 configs within bgpd.conf but the crashes  
still occurred  the problem seemed to be half way through loading  
routes from the 2nd box


I've not been able to replicate the problem in our lab as yet .. it  
only appeared once the code was rolled out to our live service (which  
was obviously sub-optimal :)


The crash generally occurred within 90 seconds or so of starting  
bgpd ... every time ..





In the meantime I try to figure out how it is possible to hit that  
fatal.

--
:wq Claudio

bgpd crash

2007-04-28 Thread Jon Morby 
I've updated to the latest snapshot and am seeing the following from  
bgpd

Apr 29 03:35:18 l3-c1 bgpd[28142]: fatal in RDE: aspath_count: bula bula
Apr 29 03:35:18 l3-c1 bgpd[30043]: Lost child: route decision engine  
exited
Apr 29 03:35:18 l3-c1 bgpd[765]: fatal in SE: pipe write error:  
Broken pipe

As far as I can tell there have been no major changes to bgpd.conf in  
between upgrades

Any ideas?


Regards,
Jon Morby
FidoNet Registration Services Ltd


web: www.fido.net
tel: +44 (0) 845 004 3050
fax: +44 (0) 845 004 3051

Re: openbgp not exporing ipv6 to routing tables

2007-04-21 Thread Jon Morby 
Not sure if you're still trying to fix this, or if you're sorted 
but if you're still having problems

What does your filters section look like ?

On 16 Apr 2007, at 16:28, OndEej SurC= wrote:

>
> I have configured openbgpd on openbsd 4.0 (upgraded from 3.8) and
> there
> seems to be problem with IPv6.  I have tried google and irc, but
> without
> success.
>
> I am receiving IPv6 prefixes just fine (791 from upstream transit, 140
> from local IX), but they are not exported to kernel routing tables.

Kernel tuning on routers

2007-04-08 Thread Jon Morby 
A quick google hasn't been very helpful ... are there any guides to tuning 
OpenBSD kernel in 4.x for optimum performance on routers?


We're starting to see some bizarre behaviour and memory issues on some of 
our busier border routers


Things such as

(note the minus 59% usage)

[EMAIL PROTECTED] netstat -m
9637 mbufs in use:
9557 mbufs allocated to data
74 mbufs allocated to packet headers
6 mbufs allocated to socket names and addresses
9546/15752/32768 mbuf clusters in use (current/peak/max)
34148 Kbytes allocated to network (-59% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
[EMAIL PROTECTED] netstat -m
7336 mbufs in use:
7256 mbufs allocated to data
74 mbufs allocated to packet headers
6 mbufs allocated to socket names and addresses
7242/15752/32768 mbuf clusters in use (current/peak/max)
34036 Kbytes allocated to network (47% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

and also things like this appear in dmesg

WARNING: mclpool limit reached; increase kern.maxclusters

(which we've done)

These boxes tend to have 3 or 4 full copies of the routing table as well as 
150-200 peering sessions with an average of 20 prefixes on each


[EMAIL PROTECTED] bgpctl s r me
RDE memory statistics
217634 IPv4 network entries using 6.6M of memory
 1 IPv6 network entries using 44B of memory
   1951183 prefix entries using 59.5M of memory
363941 BGP path attribute entries using 26.4M of memory
118297 BGP AS-PATH attribute entries using 3.5M of memory,
   and holding 363941 references
 12390 BGP attributes entries using 290K of memory
   and holding 408122 references
 12389 BGP attributes using 444K of memory
RIB using 96.8M of memory

[EMAIL PROTECTED] bgpctl s r me
RDE memory statistics
217589 IPv4 network entries using 6.6M of memory
   671 IPv6 network entries using 28.8K of memory
672388 prefix entries using 20.5M of memory
128149 BGP path attribute entries using 9.3M of memory
 48874 BGP AS-PATH attribute entries using 1.4M of memory,
   and holding 128149 references
  4066 BGP attributes entries using 95.3K of memory
   and holding 126566 references
  4065 BGP attributes using 25.0K of memory
RIB using 38.0M of memory

--
Jon Morby
fido.net - the internet made simple!

Re: IPv6 and OpenBGPD - Protocol not available

2007-03-27 Thread Jon Morby 

Nope ... seems to result in a LOT of these

received notification: Cease, max-prefix exceeded

for all our v4 peers / etc


On 27 Mar 2007, at 19:25, Claudio Jeker wrote:


On Tue, Mar 27, 2007 at 07:12:50PM +0100, Jon Morby wrote:

Thanks Claudio ... you guys are super stars! :)

Seems to be working a treat

Now to work out the filters :(

/etc/bgpd.conf:796: king bula sez: AF_INET only

796:allow quick to any prefix 2a01:2c0::/32

What's the correct way to ensure your AF_INET6 prefixes are properly
exported?



Oops looks like some very old leftovers. Could you give this one  
here a

whril? I think that's enough to make the filtering of IPv6 prefixes
possible but as you may guess I have no real IPv6 sessions running.

--
:wq Claudio

Index: parse.y
===
RCS file: /cvs/src/usr.sbin/bgpd/parse.y,v
retrieving revision 1.201
diff -u -p -r1.201 parse.y
--- parse.y 6 Mar 2007 16:52:48 -   1.201
+++ parse.y 27 Mar 2007 18:20:59 -
@@ -1027,13 +1027,6 @@ encspec  : /* nada */{
 filterrule	: action quick direction filter_peer_h filter_match_h  
filter_set

{
struct filter_rule   r;
-   struct filter_prefix_l  *l;
-
-   for (l = $5.prefix_l; l != NULL; l = l->next)
-   if (l->p.addr.af && l->p.addr.af != AF_INET) {
-   yyerror("king bula sez: AF_INET only");
-   YYERROR;
-   }

bzero(&r, sizeof(r));
r.action = $1;

Re: IPv6 and OpenBGPD - Protocol not available

2007-03-27 Thread Jon Morby 
Thanks Claudio ... you guys are super stars! :)

Seems to be working a treat

Now to work out the filters :(

/etc/bgpd.conf:796: king bula sez: AF_INET only

796:allow quick to any prefix 2a01:2c0::/32

What's the correct way to ensure your AF_INET6 prefixes are properly  
exported?


On 27 Mar 2007, at 18:24, Claudio Jeker wrote:

> Try this diff. It seems to solve the problem for me.
>
> -- 
> :wq Claudio
>
> Index: session.c
> ===
> RCS file: /cvs/src/usr.sbin/bgpd/session.c,v
> retrieving revision 1.271
> diff -u -p -r1.271 session.c
> --- session.c 16 Mar 2007 14:06:57 -  1.271
> +++ session.c 27 Mar 2007 17:10:07 -
> @@ -1162,7 +1162,7 @@ session_setup_socket(struct peer *p)
>
>   if (p->conf.ebgp && p->conf.remote_addr.af == AF_INET6)
>   /* set hoplimit to foreign router's distance */
> - if (setsockopt(p->fd, IPPROTO_IPV6, IPV6_HOPLIMIT, &ttl,
> + if (setsockopt(p->fd, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl,
>   sizeof(ttl)) == -1) {
>   log_peer_warn(&p->conf,
>   "session_setup_socket setsockopt hoplimit");

IPv6 and OpenBGPD - Protocol not available

2007-03-27 Thread Jon Morby 
.. and probably me doing something wrong but I can't spot it

I am trying to setup a native IPv6 BGP session to BT Exact

I have the interface setup as v6 only

[EMAIL PROTECTED] cat /etc/hostname.vlan303
up vlan 303 vlandev trunk0 description UK6x
inet6 2001:7f8:2:1::21 64

[EMAIL PROTECTED] cat /etc/hostname.trunk0
trunkport bge0 trunkport bge1 up

and can ping their end of the link fine

[EMAIL PROTECTED] ping6 -c 3 2001:7f8:2:1::1
PING6(56=40+8+8 bytes) 2001:7f8:2:1::21 --> 2001:7f8:2:1::1
16 bytes from 2001:7f8:2:1::1, icmp_seq=0 hlim=64 time=0.367 ms
16 bytes from 2001:7f8:2:1::1, icmp_seq=1 hlim=64 time=0.293 ms
16 bytes from 2001:7f8:2:1::1, icmp_seq=2 hlim=64 time=0.447 ms

--- 2001:7f8:2:1::1 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.293/0.369/0.447/0.063 ms

OpenBGPD is configured thusly (500 line bgpd.conf cut down to basic  
essentials)

AS 8282
network 194.70.36.0/24
network 84.246.192.0/21
network 80.252.112.0/20
network 2a01:2c0::/32

group IPvSix {
 set nexthop self
 softreconfig in yes
 softreconfig out yes
 set community 8282:600
 # announce IPv4 none
 announce IPv6 unicast

 neighbor 2001:7f8:2:1::1 {
 multihop 3
 local-address 2001:7f8:2:1::21
 remote-as 1752
 }
}

Sessions however won't initiate

(they've also tried with/without override-capability-neg on their end)

Mar 27 16:27:46 l3-c1 bgpd[32629]: SE reconfigured
Mar 27 16:27:55 l3-c1 bgpd[32629]: neighbor 2001:7f8:2:1::1: state  
change Idle -> Active, reason: Start
Mar 27 16:27:55 l3-c1 bgpd[32629]: neighbor 2001:7f8:2:1::1:  
session_setup_socket setsockopt hoplimit: Protocol not available
Mar 27 16:27:55 l3-c1 bgpd[32629]: neighbor 2001:7f8:2:1::1: state  
change Active -> Idle, reason: Fatal error

Their debug output shows the following

Mar 27 15:36:51.347 BST: BGP: 2001:7F8:2:1::21 open active, local  
address 2001:7F8:2:1::1
Mar 27 15:36:51.347 BST: BGPNSF: Building graceful restart capability  
for 2001:7F8:2:1::21
Mar 27 15:36:51.347 BST: BGP: 2001:7F8:2:1::21 went from Active to  
OpenSent
Mar 27 15:36:51.347 BST: BGP: 2001:7F8:2:1::21 sending OPEN, version  
4, my as: 1752, holdtime 360 seconds
Mar 27 15:36:51.347 BST: BGP: 2001:7F8:2:1::21 send message type 1,  
length (incl. header) 51
Mar 27 15:36:51.431 BST: BGP: 2001:7F8:2:1::21 remote close, state  
CLOSED
Mar 27 15:36:51.431 BST: BGP: 2001:7F8:2:1::21 -reset the session
Mar 27 15:36:51.431 BST: BGPNSF state: 2001:7F8:2:1::21 went from  
nsf_not_active to nsf_not_active
Mar 27 15:36:51.431 BST: BGP: 2001:7F8:2:1::21 went from OpenSent to  
Idle
Mar 27 15:36:51.431 BST: BGP: 2001:7F8:2:1::21 closing
Mar 27 15:36:51.439 BST: BGP: 2001:7F8:2:1::21 went from Idle to Active
Mar 27 15:36:51.439 BST: BGP: 2001:7F8:2:1::21 open active delayed  
28351ms (35000ms max, 28% jitter)

I haven't tried restarting bgpd completely as this is on a production  
server ... but I'm hoping it's just a stupid config error somewhere  
that can easily resolved ?

This is on -current as of a week ago

Any ideas?



-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: OpenBGPD and private-as

2007-03-20 Thread Jon Morby 

On 20 Mar 2007, at 10:03, Claudio Jeker wrote:


On Mon, Mar 19, 2007 at 04:25:25PM +, Jon Morby wrote:

Might be a dumb question, but what's the equivalent of

neighbor   remove-private-as

in OpenBGPD

I've just noticed we're advertising prefixes 65xxx to our upstream
providers when we should be stripping them from our advertisements.



OpenBGPD can not strip AS numbers from AS pathes at the moment.
Is it enough to remove only one particular AS or do you realy need  
to use

the heavy artillery?


Well was hoping there would be a catch all ... but removal of  
individual ones that we know about is fine ... until we find one we  
don't know about :)





--
:wq Claudio

OpenBGPD and private-as

2007-03-19 Thread Jon Morby 

Might be a dumb question, but what's the equivalent of

neighbor   remove-private-as

in OpenBGPD

I've just noticed we're advertising prefixes 65xxx to our upstream  
providers when we should be stripping them from our advertisements.



--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: ospfctl reload problem

2007-03-17 Thread Jon Morby 
On 17 Mar 2007, at 16:41, Stuart Henderson wrote:

> On 2007/03/17 16:13, Stuart Henderson wrote:
>> On 2007/03/17 15:08, Jon Morby wrote:
>>>> Checking tcpdump it seems that the password is being passed but
>>>> truncated as 7 characters plus a null character instead of the full
>>>> 8 character password
>>
>> try this ..
>
> ok claudio's is probably a better idea .. (works for me)
>


Yup looks to make more sense, and definitely works here

Thanks guys!




-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: ospfctl reload problem

2007-03-17 Thread Jon Morby 
On 17 Mar 2007, at 15:42, Claudio Jeker wrote:

>
> Can you try this diff?
>
> -- 
> :wq Claudio


Yup that did the tric

Thanks!




-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: ospfctl reload problem

2007-03-17 Thread Jon Morby 
On 17 Mar 2007, at 14:48, Jon Morby wrote:

> Doing an ospfctl reload seems to result in problems with simple  
> authentication enabled
>
> Mar 17 14:44:14 l2-c1 ospfd[7096]: recv_packet: authentication  
> error, interface vlan544
> Mar 17 14:44:45 l2-c1 last message repeated 213 times
>
> Checking tcpdump it seems that the password is being passed but  
> truncated as 7 characters plus a null character instead of the full  
> 8 character password
>
> This is with -current
>

Apologies, I forgot to paste the config and results from our lab machine

15:04:59.942992 0:d:93:4e:30:8a 1:0:5e:0:0:5 0800 78: 84.246.195.116  
 > 224.0.0.5: OSPFv2-hello 44: backbone auth "passwor^@" E mask  
255.255.255.248 int 10 pri 1 dead 40 dr 84.246.195.116 nbrs [tos  
0xc0] [ttl 1] (id 51672, len 64)


Mar 17 15:02:29 stats ospfd[4412]: recv_packet: authentication error,  
interface gem0
Mar 17 15:03:09 stats last message repeated 4 times
Mar 17 15:05:19 stats last message repeated 13 times

ospfd.conf

area 0.0.0.0 {
 interface gem0 {
 auth-type simple
 auth-key password
 }
}

If I pkill ospfd and run ospfd from cold everything sync's fine.   
It's just when we do an ospfctl reload



>
>
>
> -- 
> Jon Morby
> FidoNet Registration Services Ltd
> tel: 0845 004 3050 / fax: 0845 004 3051
> web: http://www.fido.net/

ospfctl reload problem

2007-03-17 Thread Jon Morby 
Doing an ospfctl reload seems to result in problems with simple  
authentication enabled

Mar 17 14:44:14 l2-c1 ospfd[7096]: recv_packet: authentication error,  
interface vlan544
Mar 17 14:44:45 l2-c1 last message repeated 213 times

Checking tcpdump it seems that the password is being passed but  
truncated as 7 characters plus a null character instead of the full 8  
character password

This is with -current




-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: bgpctl show, performance and softreconfig in -current

2007-03-13 Thread Jon Morby 

On 12 Mar 2007, at 10:31, Claudio Jeker wrote:



... and here is the patch to fix the issue.



Yup does indeed seem to have solved the problem!

Thanks Claudio / guys!


--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

bgpctl show, performance and softreconfig in -current

2007-03-11 Thread Jon Morby 
 77644 BGP path attribute entries using 5.6M of memory
 34162 BGP AS-PATH attribute entries using 1.0M of memory,
   and holding 77644 references
  3978 BGP attributes entries using 93.2K of memory
   and holding 91791 references
      3977 BGP attributes using 25.5K of memory
RIB using 26.3M of memory


--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: Question about IP

2007-03-11 Thread Jon Morby 
On 11 Mar 2007, at 12:37, Philip Guenther wrote:

> On 3/11/07, Jon Morby <[EMAIL PROTECTED]> wrote:
>> On 10 Mar 2007, at 14:58, Akin Nomad wrote:
>>
>> > c: 2001:16c8:ffd7::b:33.255.3.2
>>
>> I would say this one  on the basis that (notation of) IPv6
>> addresses are colon separated and IPv4 addresses are period separated
>> and this uses a mixture of colon an period
>
> No, that's a valid form.  The authoritative reference is RFC 2373.  On
> OpenBSD systems, the inet_pton(3) manpage summarizes the accepted
> forms.

*doh*

Ok ... so learn something new every day ... :)

Yup .. looks like a badly worded / translated question ... oh well  
back to Sunday lunch :)


>
> Philip Guenther

-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: Question about IP

2007-03-11 Thread Jon Morby 

On 10 Mar 2007, at 14:58, Akin Nomad wrote:


c: 2001:16c8:ffd7::b:33.255.3.2


I would say this one  on the basis that (notation of) IPv6  
addresses are colon separated and IPv4 addresses are period separated  
and this uses a mixture of colon an period


But I could be wrong.

--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: OSPF and IPv6

2007-03-01 Thread Jon Morby 

Ok thanks for that .. guess it's time to dig out quagga again :(

Cheers

On 1 Mar 2007, at 07:13, Esben Norby wrote:


On Wednesday 28 February 2007 14:58:49 Jon Morby wrote:

Unless I'm missing something OpenOSPFD doesn't currently seem to
support IPv6 ?


IPv6 is not supported currently, and I think it will be a while  
before that

happens.

/Esben

OSPF and IPv6

2007-02-28 Thread Jon Morby 
Unless I'm missing something OpenOSPFD doesn't currently seem to  
support IPv6 ?

Are there any recommendations as to what we should use to manage  
dynamic routing of IPv6 addresses within a WAN?

(or am I missing something obvious?)




-- 
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: DHCP server issues.

2007-02-25 Thread Jon Morby 

Hi Bray

What do the logs say?

Also, try running dhcpd with -d -f

 -d  Force dhcpd to log to stderr.  This can be useful for  
debugging,
 and also at sites where a complete log of all dhcp  
activity must
 be kept, but syslogd(8) is not reliable or otherwise  
cannot be
 used.  Normally, dhcpd will log all output using the  
syslog(3)

 function with the log facility set to LOG_DAEMON.

 -f  Run dhcpd as a foreground process, rather than allowing  
it to run
 as a daemon in the background.  This is useful when  
running dhcpd
 under a debugger, or when running it out of inittab on  
System V

 systems.

On 26 Feb 2007, at 00:45, Bray Mailloux wrote:

I've been toying with the DHCP server options but cannot seem to  
bring up the process; everytime I run ps there is no dhcpd process  
to be found and no computers on my network are pulling down  
addresses from the server.

My DHCPD.conf file looks as such.

-bash-3.1# nano /etc/dhcpd.conf
 GNU nano 1.2.5File: /etc/dhcpd.conf

#   $OpenBSD: dhcpd.conf,v 1.1 1998/08/19 04:25:45 form Exp $
#
# DHCP server options.
# See dhcpd.conf(5) and dhcpd(8) for more information.
#

# Network:  192.168.1.0/255.255.255.0
# Domain name:  none
# Name servers: 68.94.156.1 and 68.94.157.1
# Default router:   192.168.1.1
# Addresses:192.168.1.20 - 192.168.1.35
#
shared-network LOCAL-NET {
   option domain-name "example.com";
   option domain-name-servers 68.94.156.1, 68.94.157.1;

   subnet 192.168.1.0 netmask 255.255.255.0 {
   option routers 192.168.1.1;
   range 192.168.1.20 192.168.1.35;
   }
}

And my interfaces are configured as such.

cat /etc/hostname.rl0  < External interface
inet 192.168.1.2255.255.255.0   NONE

cat /etc/hostname.rl1 < Internal Interface
192.168.1.3   255.255.255.0
nano rc.conf.local reads as such
dhcpd_flags=""

ospfd problems in -current

2007-02-24 Thread Jon Morby 

I'm having problems with ospfd in -current

Up until about 2 weeks ago this was working however since updating to  
more recent snapshots (including last night's build) ospfd no longer  
seems to recognise link on the vlan interface at boot up


[EMAIL PROTECTED] ospfctl sh in
Interface   AddressState  HelloTimer Linkstate  Uptime 
nc  ac
vlan544 80.252.124.3/24DOWN   stoppedno carrier  
00:00:00   0   0


[EMAIL PROTECTED] pkill ospfd
[EMAIL PROTECTED] ospfd
[EMAIL PROTECTED] ospfctl sh in
Interface   AddressState  HelloTimer Linkstate  Uptime 
nc  ac
vlan544 80.252.124.3/24WAIT   00:00:07   active  
00:00:03   1   0



As you'll see if I kill and restart ospfd the link shows as active  
and everything seems to work as it should.


The logs don't show much ...

Feb 25 03:13:55 l3-c1 ospfd[28113]: if_act_reset: error leaving group  
224.0.0.5, interface vlan544

Feb 25 03:13:55 l3-c1 ospfd[28113]: ospf engine exiting


This was definitely working with the same config with January  
snapshots .. but checking logs on source-changes I can't really see  
anything "obvious" that would explain this.


The config we have here on this particular router is a little  
complex ... I've not had chance to try this on a simpler config as yet.


bge0 and bge1 are configured as trunk0
vlan544 then uses trunk0 as its vlandev

If I revert to the earlier snapshot ospfd comes up fine on reboot  
without manual intervention.



dmesg follows


OpenBSD 4.1-beta (GENERIC) #1406: Sat Feb 24 12:33:46 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class)  
3.01 GHz
cpu0:  
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36, 
CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT- 
ID,xTPR

real mem  = 1063743488 (1038812K)
avail mem = 963207168 (940632K)
using 4278 buffers containing 53309440 bytes (52060K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 04/07/05, BIOS32 rev. 0 @  
0xfa000, SMBIOS rev. 2.3 @ 0xf0800 (49 entries)

bios0: Supermicro P8SCT
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 3.0 @ 0xf/0xcb84
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfca20/336 (19 entries)
pcibios0: PCI Exclusive IRQs: 5 9 10 12
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev  
0x00)

pcibios0: PCI bus #5 is the last bus
bios0: ROM list: 0xc/0x9400!
acpi at mainbus0 not configured
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7221 MCH Host" rev 0x05
ppb0 at pci0 dev 1 function 0 "Intel E7221 PCIE" rev 0x05
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci2 at ppb1 bus 2
"Intel IOxAPIC" rev 0x09 at pci1 dev 0 function 1 not configured
vga1 at pci0 dev 2 function 0 "Intel E7221 Video" rev 0x05: aperture  
at 0xd030, size 0x800

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb2 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x03
pci3 at ppb2 bus 3
bge0 at pci3 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1  
(0x4101): irq 12, address 00:30:48:83:39:c4

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb3 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x03
pci4 at ppb3 bus 4
bge1 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1  
(0x4101): irq 10, address 00:30:48:83:39:c5

brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 5
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x03: irq 9
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x03: irq 12
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x03: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
ppb4 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xd3
pci5 at ppb4 bus 5
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FB LPC" rev 0x03: PM  
disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x03: DMA,  
channel 0 configured to compatibility,

Re: Port trunking/bonding

2007-02-12 Thread Jon Morby 

On 12 Feb 2007, at 14:31, Claudio Jeker wrote:



Roundrobin may increase packet reordering which in turn reduces the  
tcp
window size because tcp thinks it is a network congestion. In the  
worst
case one connection may run slower over two link trunk than over a  
single
link. You need a real multilink capable L2 portocol (like ppp) to  
fully

use the bandwith of the additional link. Ethernet was not designed for
that and so bonding/trunking of interfaces give you a sub-optimal
performance improvement.
--
:wq Claudio




Thanks

That explains a lot 

I guess until we can afford / source / upgrade to 10Gig capable  
infrastructure, we're stuck with bonding and the issues that you  
describe.


It's certainly going to be better than the packet loss we'd see  
trying to squeeze 1.6Gbit of traffic down a 1Gbit connection I guess  
- even if we have to bond 3 GigE links together to ensure we allow  
for over head


Cheers

--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: Port trunking/bonding

2007-02-12 Thread Jon Morby 

Actually .. maybe I'm expecting too much from this ...

With 1 of the ports disabled, and roundrobin specified - transfer  
speeds dropped from 1.2MB/s to about 780KB/s


Certainly at GigE speeds the graphs look a little more as I would  
expect, so it could also be an artefact of testing at 10baseT I guess


--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Re: Port trunking/bonding

2007-02-12 Thread Jon Morby 

On 12 Feb 2007, at 13:18, Stuart Henderson wrote:


On 2007/02/12 12:44, Jon Morby wrote:

My problem is that graphs of the 2 cisco ports show traffic is only
going via the 1 port and not being balanced across both ports as I
would have expected.


loadbalance hashes the header to determine which link to use; you  
might

want round-robin instead? check trunk(4) for descriptions.



I should have said, I have also tried with roundrobin

and also removing the channel-group from the switch.

The only real performance increase I've seen is with the channel- 
group removed in which case we do see some traffic across both ports,  
but we still only get about 1.4MB/sec and not the 1.8MB/s-2.2MB/s I  
would have expected to see from scp transfers. (graphs show 8Mbit  
which matches what I'm seeing from scp)


With the ports set to GigE we see a major speed increase, so it's not  
a bottle neck on the sending machines as far as I can ascertain.








--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/

Port trunking/bonding

2007-02-12 Thread Jon Morby 

Hi

I'm trying to run an experiment (initially) with regards bonding/ 
trunking ethernet ports under OpenBSD (current) .. but I'm hitting a  
snag and I haven't been able to google my way out of it as yet ...


I have 2 x Broadcom NICS set at 10mbit full duplex (for the purposes  
of the test .. in real life these will be either 2 or 4 x GigE ports)  
bonded together using trunk(4) (it's likely to be some time before we  
can afford 10 Gig infrastructure, but need more than 1Gig between  
certain segments of our network)


My problem is that graphs of the 2 cisco ports show traffic is only  
going via the 1 port and not being balanced across both ports as I  
would have expected.


What I need is what I believe is referred to as "link aggregation" ..  
ie traffic equal to the sum of all members of the "trunk(4)" and not  
just the one interface.


Helpful pointers gratefully received!

OpenBSD 4.0-current (GENERIC) #1: Sun Feb 11 23:29:59 GMT 2007

brgphy1 at bge1 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
bge0 at pci3 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1  
(0x4101): irq 12, address 00:30:48:83:39:c4

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
bge1 at pci4 dev 0 function 0 "Broadcom BCM5721" rev 0x11, BCM5750 B1  
(0x4101): irq 10, address 00:30:48:83:39:c5



cat /etc/hostname.trunk0
up trunkproto loadbalance trunkport bge0 trunkport bge1
cat /etc/hostname.bge0
up
cat /etc/hostname.bge1
up

ifconfig trunk0
trunk0: flags=8843 mtu 1500
lladdr 00:30:48:83:39:c4
trunk: trunkproto loadbalance
trunkport bge1 active
trunkport bge0 master,active
groups: trunk
media: Ethernet autoselect
status: active
inet6 fe80::230:48ff:fe83:39c4%trunk0 prefixlen 64 scopeid 0x6

I have a cisco 3750 set with the 2 ports in their own channel

interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/1
description router-trunk
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
speed auto 10
channel-group 1 mode on
spanning-tree portfast trunk
!
interface GigabitEthernet1/0/2
description router-trunk
switchport trunk encapsulation dot1q
switchport mode trunk
duplex full
speed auto 10
channel-group 1 mode on
spanning-tree portfast trunk


sh ether 1 s
Flags:  D - downP - in port-channel
I - stand-alone s - suspended
H - Hot-standby (LACP only)
R - Layer3  S - Layer2
U - in use  f - failed to allocate aggregator
u - unsuitable for bundling
w - waiting to be aggregated
d - default port


Number of channel-groups in use: 2
Number of aggregators:   2

Group  Port-channel  ProtocolPorts
--+-+--- 
+---

1  Po1(SU)  -Gi1/0/1(P)  Gi1/0/2(P)

I have a host configured on a GigE port connected directly to the  
3750 and the OpenBSD box setup as a router


vlan309: flags=8843 mtu 1500
lladdr 00:30:48:83:39:c4
vlan: 309 priority: 0 parent interface: trunk0
groups: vlan
inet6 fe80::230:48ff:fe83:39c4%vlan309 prefixlen 64 scopeid 0x8
inet 80.252.126.1 netmask 0xff00 broadcast 80.252.126.255






--
Jon Morby
FidoNet Registration Services Ltd
tel: 0845 004 3050 / fax: 0845 004 3051
web: http://www.fido.net/