May 9, 2011
Using OpenBSD as a BGP Looking Glass
Since OpenBSD 4.1 there have been some interesting tools that could be used by an ISP, and one of these is bgplg.
bgplg is a BGP Looking Glass: a piece of software that lets you inspect a routing table and see where you are learning the route to a particular network from.
If you have multiple Internet providers, this tool will show you the ‘preferred’ provider (the one with the shortest, and theoretically fastest, path) to a given network.
It is not enabled by default on a stock OpenBSD system, but you can enable it easily enough.
You need to make the following changes as root to enable the bgplg system:
# chmod 0555 /var/www/cgi-bin/bgplg
# chmod 0555 /var/www/bin/bgpctl
# mkdir /var/www/etc
# cp /etc/resolv.conf /var/www/etc
# chmod 4555 /var/www/bin/ping
# chmod 4555 /var/www/bin/ping6
# chmod 4555 /var/www/bin/traceroute
# chmod 4555 /var/www/bin/traceroute6
You will also need to start the Border Gateway Protocol daemon with a second, restricted, control socket that can be used from within the chroot(2) environment. If you are not sure how to do this, see bgpd.conf(5) for more information.
For example, add the following to /etc/bgpd.conf to have bgpd(8) open a second, restricted, control socket:
socket "/var/www/logs/bgpd.rsock" restricted
Start the Apache HyperText Transfer Protocol server. See httpd(8) for more information.
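An audit of the steps above, added here as an example (it is not part of the original post or of OpenBSD): it checks the file modes, the resolv.conf copy, and that any bgpd control socket declared under /var/www carries the restricted keyword. The function names and the optional root-prefix argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: audit a bgplg setup against the steps in this post.
# Function names and the optional root-prefix argument are assumptions.

# Symbolic mode of a file, e.g. -r-sr-xr-x (avoids non-portable stat flags).
mode_of() { ls -ld "$1" 2>/dev/null | cut -c1-10; }

# check_mode FILE EXPECTED: print a finding and return 1 on mismatch.
check_mode() {
    got=$(mode_of "$1")
    [ "$got" = "$2" ] && return 0
    echo "MODE $1: expected $2, found ${got:-missing}"
    return 1
}

# Every control socket placed under the web chroot must be "restricted".
check_sockets() {
    awk '
        $1 == "socket" && $2 ~ /^"\/var\/www\// {
            seen = 1
            if ($3 != "restricted") { print "SOCKET " $2 ": not restricted"; bad = 1 }
        }
        END {
            if (!seen) { print "SOCKET: none declared under /var/www"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# audit_bgplg [ROOT]: ROOT is a prefix for checking a staging copy.
audit_bgplg() {
    root=${1:-}
    rc=0
    for f in cgi-bin/bgplg bin/bgpctl; do            # chmod 0555
        check_mode "$root/var/www/$f" "-r-xr-xr-x" || rc=1
    done
    for f in ping ping6 traceroute traceroute6; do   # chmod 4555 (setuid)
        check_mode "$root/var/www/bin/$f" "-r-sr-xr-x" || rc=1
    done
    [ -f "$root/var/www/etc/resolv.conf" ] ||
        { echo "MISSING $root/var/www/etc/resolv.conf"; rc=1; }
    check_sockets "$root/etc/bgpd.conf" || rc=1
    return $rc
}
# Run "audit_bgplg" with no argument to check the live system.
```

Each finding is printed on its own line and the function returns non-zero if there is at least one, so it can be run from a periodic job after upgrades.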
The standard output is rather spartan, but can be customised by making some changes to various files in the conf/ directory:
/var/www/conf/bgplg.css Optional bgplg CSS style sheet.
/var/www/conf/bgplg.head Optional bgplg HTML header.
/var/www/conf/bgplg.foot Optional bgplg HTML footer.