OpenBSD Project Announces OpenBGPD

44BSD writes "As noted at undeadly, the OpenBSD Project has announced an BSD-licensed implementation of the Border Gateway Protocol, BGP. Project details, design goals, documentation, and more are at the project web site. BGP is documented in RFC 1771. Lucky for Cisco, BSD is dying..."

BSD License

[secolactico]

Lucky for everyone else, a BSD license will make it easy to implement in every other router box and make it cheap. Or so I hope.

Re:BSD License

[BJH]

As opposed to a security hole in a closed-source router... like a Cisco?

A default username/password pair is present in all releases of the Wireless LAN Solution Engine (WLSE) and Hosting Solution Engine (HSE) software. A user who logs in using this username has complete control of the device. This username cannot be disabled. There is no workaround.

Golly, if you had the source, you might be able to do something like... hmmm... I dunno... disable the default password, maybe?

Throughput, Expansion Slots, Network Size, Market

Unfortuantely, even the fanciest boxes running BSD can't complete on a pure throughput basis with good Cisco routers. An twenty-four port gigabit Cisco router has a 48 Gbps backplane, but a PC running BSD will be limited by its bus--the fastest servers have a 64 bit 133 MHz bus with PCI-X. That's 8 Gbps. And you can't put more than a handful of network cards in even the largest BSD-capable server--there simply aren't the expansion slots. So this really couldn't be used for core Internet routers.

And, of course, you don't need to be running BGP on small networks--it's only when you've got a number of large networks joined together, at a chokepoint, where you need to use BGP to properly route traffic. So there's no point to it for small businesses with who might be trying to save money over a Cisco router--they don't need BRP.

I wonder, then: where is the market for this....?

Re:Throughput, Expansion Slots, Network Size, Mark

[matthew.thompson]

Just because it's BSD doesn't mean that it's going to be limited to PC Architecture.

This project could give a boost to manufacturers of competing kit by having a code base that it doesn't have to start from scratch and can be run on a minimal BSD distribution.

There's nothing to stop A.N.Other manufacturer creating their own arcitecture and running this ontop.

Re:Throughput, Expansion Slots, Network Size, Mark

[dmiller]

Many, many sites use BGP at less that 8Gbps aggregate throughput - hell I know of several sites that still run partial feeds over ISDN BRI. I just don't see where you get the idea that BGP is only for core routers.

Re:Throughput, Expansion Slots, Network Size, Mark

[Progman3K]

>I wonder, then: where is the market for this....?

Perhaps when hackers start using the vulnerabilities in the BGP protocol to attack the Internet and those vulnerabilities are not found to be present or are fixed faster in the open BSD code, that'll justify the project's existence.

I mean we've already seen that open-source has fewer vulnerabilites than closed-source in general (Think I.I.S. vs Apache), so this will just become another way to secure the Internet.

Go OpenBSD!

[RAMMS+EIN]

It appears that a lot of good stuff keeps coming out of OpenBSD. They truly focus on the things that matter (for them). Not gadgets or eye candy, but clean, solid, secure network implementations. Kudos again!

That's the stupidest argument ever

[Gordonjcp]

You *always* hear this when someone mentions using a PC as a router "Oh, PCs are too slow to route multi-gigabyte connections, Cisco are far better".

Yes, and a Boeing 747 can carry a hell of a lot more passengers than a Citroen CX. Guess which one is most cost-effective and works best for a 40-mile commute?

Re:Doesn't compile on Linux

[Eivind+Eklund]

Disclaimer: I'm a FreeBSD developer, with the bias that brings.

I think it is a good choice for the OpenBSD cases. It allows development to be done at better development speed and with cleaner code than something trying to be completely portable. This makes it easier to track security and work with the code.

I'll also note that most software that is "portable" today is written using GNU autotools, which makes it, on average, less portable than software was before autoconf. Either it works at once (this happens reasonable often), or there is a significant amount of pain to make it work. Ten to fifteen years ago, there was usually some work involved, but the average was less, and it was spread out.

Separating the porting part from the initial clean codebase means that it is possible to debug them separately, and when autotools fails, it is easier to go around them.

Eivind.

Re:I feel your pain. Any suggestions...

Man pages. Seriously. GNU is good about documenting their extensions, and better yet, they explain why they wrote those extensions. Usually they say things like "SVR4 had a buggy implementation, so we rewrote it to work right." Well, the GNU folks probably aren't the only ones with that idea, so you may find that other OSes have "fixed" the implementation, deviating from the de facto standard. Those are all potential trouble spots, so you should stay away from them if you can.

Another thing to be mindful of are Linuxisms, like /bin/sh being a link to /bin/bash; and, for that matter, all programs being in either /bin or /usr/bin. Everyone except Linux, more or less, puts stuff in /usr/local or /opt or God knows where else. So when writing scripts, set the interpreter as the actual interpreter: if you're using bashisms in your script, don't set the interpreter as /bin/sh. Don't put in any paths at all to the interpreter, either. Do #!/usr/bin/env bash instead, which will invoke the first bash on the caller's command line. That way you don't have to care if bash is in /bin/bash, /usr/bin/bash, /usr/local/bin/bash, or /opt/bin/bash. Or, in the case of qmail, /var/bash/bin/bash.

Re:Why not work on a current project, I dont get i

[evilviper]

Zebra and Quagga already exist.

They're unstable, incompatible, bloated, insecure, and quite importantly, virally bound to the GPL, which is most definately contrary to the BSD philosophy. PF was created (mainly) because the license was not acceptable.

Improving the architecture of say Quagga will be more beneficial and probably welcome than forking out your own.

To fix inherent problems, you almost always have to fork because of the incompatibilities. Plus, what advantage would it provide over starting from scratch? They're already screwed in the license department, since it's GPL'd.

What would you rather do... Build a house from the ground up, or take someone's completely trashed and poorly built house, and try to repair the entire thing? Often times, starting from scratch is the better option.

sounds much better than an all OpenBSD suite.

To you, but you aren't among the developers, so you get no say. They wanted something for BSD, just like they did with OpenSSH, just like they did with OpenNTPD, and PF.

If someone wants to put the effort into porting it, they can. If you want to import much of the code into Quagga, go right ahead. They see no benefit from doing that, though plenty of drawbacks for them, so they didn't do things that way.

<LICENSE_RANT>
I'd like to remind people that nothing has ever become a standard, with a GPL license attached to it. Things like TCP/IP, NFS, FTP, SMTP, DNS, all BSD (or even less restrictive) licensed, so others could actually use it, without having to sign the restrictive license that is the GPL. If nothing else, being BSD-licensed may give OpenBGPd a big audience of companies looking to integrate it.