OSPF with OpenBSD PoC

                                 +--------+10.1.1.1
                                 |        |   intnet
                                 |  obsd1 +--------------+
+-------------+ 10.0.0.1         |        |              |
|             +------------------+--------+    10.1.1.2  |
|  station    |                 10.0.0.254          +----+---+   10.2.2.254
|  ubuntu     |                                     |        |       internal2
|             |                                     |  obsd2 +-------+
+-------------+                                     |        |       |
                                                    +--------+       |
                                                                     |
                                                                     | 10.2.2.1
                                                                   +-+-----------+
                                                                   |             |
                                                                   |   station   |
                                                                   |   slackware |
                                                                   |             |
                                                                   +-------------+

10.0.0.1        ubuntu
10.0.0.254      obsd1.example.net obsd1
10.1.1.1        obsd1-facing
10.1.1.2        obsd2-facing
10.2.2.254      obsd2.example.net obsd2
10.2.2.1        slack

Handy serial console

Especially useful if you're running under Xen or KVM, where a serial console is the easiest way to watch boot and daemon output.

    vi /etc/boot.conf
        set tty com0
    vi /etc/ttys
        tty00 "/usr/libexec/getty std.9600" vt220 on secure

Enable forwarding

Make sure the packet filter is not in the way for the PoC (disable pf now and keep it disabled across reboots):

pfctl -d
rcctl disable pf
cat /etc/rc.conf.local

Enable IPv4 forwarding (check the current value, set it now, and persist it):

sysctl net.inet.ip.forwarding
sysctl -w net.inet.ip.forwarding=1
echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
cat /etc/sysctl.conf

OSPF setup

#/usr/libexec/locate.updatedb
#locate ospfd.conf
#cp -i /etc/examples/ospfd.conf /etc/ospfd.conf

touch /etc/ospfd.conf
chmod 600 /etc/ospfd.conf
vi /etc/ospfd.conf

router1

router-id 1.1.1.1
redistribute connected
#redistribute default

area 0.0.0.0 {
        interface xnf0
}

router2

router-id 2.2.2.2
redistribute connected
#redistribute default

area 0.0.0.0 {
        interface xnf0
        interface xnf1
}

(optional) enabling authentication: define the macro at the top of ospfd.conf and, inside the area block, replace the bare interface line with the interface block below. Keep in mind that auth-type simple carries the key in cleartext in every OSPF packet on that link; ospfd also supports auth-type crypt with auth-md keys (MD5) if that matters on your segment.

password="PASSWORD"

        interface xnf0 {
            auth-type simple
            auth-key $password
        }

Ready to go

Enable at boot time and start (the rc.local lines are the old way; rcctl is the current one):

#echo '/usr/sbin/ospfd' >> /etc/rc.local
#cat /etc/rc.local
rcctl enable ospfd
cat /etc/rc.conf.local

#/usr/sbin/ospfd
rcctl start ospfd

status

tail -f /var/log/messages /var/log/daemon
pgrep ospfd
ps auxww | grep ospfd

stop

pkill ospfd

Acceptance

ospfctl show
ospfctl show neighbor
ospfctl show fib ospf
ospfctl show database
ospfctl show database network
netstat -rn -f inet

Then ping a leaf node on one side of the network from the other (e.g. slack from ubuntu). You might need to add routes on the ubuntu station, since its default route already points elsewhere and not at obsd1:

ip route add 10.1.1.0/24 via 10.0.0.254
ip route add 10.2.2.0/24 via 10.0.0.254
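
As an added example (not part of the original notes), a small sh acceptance script for this lab: it parses the neighbor table and the routing table and fails unless every OSPF neighbor is FULL and the far-side prefix 10.2.2/24 is in the FIB via obsd2. The sample outputs are constructed to mimic the layout of ospfctl show neighbor and netstat -rn -f inet and are an assumption, as is the column order the awk fields rely on.

```shell
#!/bin/sh
# Added example, not from the original notes. Acceptance check for the
# two-router lab: every OSPF neighbor must be FULL and the far-side prefix
# must be in the FIB via the expected next hop.

# Constructed sample of `ospfctl show neighbor` on obsd1 (column layout
# assumed: ID Pri State DeadTime Address Iface Uptime).
NEIGHBORS_OK='ID              Pri State        DeadTime Address         Iface     Uptime
2.2.2.2         1   FULL/DR      00:00:36 10.1.1.2        xnf1      00:05:12'

# Same table while the adjacency is still forming (constructed).
NEIGHBORS_STUCK='ID              Pri State        DeadTime Address         Iface     Uptime
2.2.2.2         1   EXSTART/DR   00:00:39 10.1.1.2        xnf1      00:00:04'

# Constructed sample of `netstat -rn -f inet` on obsd1; 10.2.2/24 is the
# OSPF-learned route (Prio 32) pointing at obsd2's intnet address.
ROUTES='Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.0.0.1           UGS        0        0     -     8 xnf0
10.0.0/24          10.0.0.254         C          0        0     -     4 xnf0
10.1.1/24          10.1.1.1           C          0        0     -     4 xnf1
10.2.2/24          10.1.1.2           UG         0        0     -    32 xnf1'

# Read a neighbor table on stdin; print every neighbor not in FULL state and
# return 1 if there is one, 0 if all neighbors are FULL.
all_neighbors_full() {
    awk 'NR > 1 && NF >= 3 && $3 !~ /^FULL/ { print "not FULL:", $1, $3; bad = 1 }
         END { exit (bad ? 1 : 0) }'
}

# Read a routing table on stdin; return 0 if destination $1 (netstat
# notation, e.g. 10.2.2/24) is reachable via gateway $2, else 1.
route_via() {
    awk -v dst="$1" -v gw="$2" '$1 == dst && $2 == gw { found = 1 }
                                 END { exit (found ? 0 : 1) }'
}

# Offline demonstration on the constructed samples. On a real router replace
# the printf pipelines with `ospfctl show neighbor | all_neighbors_full` and
# `netstat -rn -f inet | route_via 10.2.2/24 10.1.1.2`.
if printf '%s\n' "$NEIGHBORS_OK" | all_neighbors_full &&
   printf '%s\n' "$ROUTES" | route_via 10.2.2/24 10.1.1.2; then
    echo "OSPF acceptance: PASS"
else
    echo "OSPF acceptance: FAIL"
fi
```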

Resources

https://github.com/rwestphal/openbsd-ldpd/wiki/VPLS-basic-test-setup

http://lteo.net/blog/2013/09/03/a-small-mpls-test-network-built-with-openbsd/

https://research.kudelskisecurity.com/2013/05/21/complex-routing-with-openbsd/

https://2011.eurobsdcon.org/papers/jeker/MPLS.pdf

http://www.openbgpd.org/papers.html

https://www.openbsd.org/faq/faq6.html

https://www.openbsd.org/faq/faq10.html