# FreeBSD and OpenBGPD



## angelvg (Oct 20, 2020)

Hello friends,

I am trying to configure OpenBGPD and when starting the service I get the following error:

`#  /usr/local/etc/rc.d/openbgpd start`


```
Starting openbgpd.
/usr/local/etc/bgpd.conf:79: Community 271802 is too large (max: 65535)
config file /usr/local/etc/bgpd.conf has errors
/usr/local/etc/rc.d/openbgpd: WARNING: failed to start openbgpd
```

This is the config file used:

`#  cat /usr/local/etc/bgpd.conf`


```
# $OpenBSD: bgpd.conf,v 1.15 2018/11/17 17:22:38 deraadt Exp $
# example bgpd configuration file, see bgpd.conf(5)

# define our own ASN as a macro
ASN="271802"

# global configuration
AS $ASN
router-id 10.0.0.6

# list of networks that may be originated by our ASN
prefix-set mynetworks {        \
        2801:19:a800::/48      \
}

# Resource Public Key Infrastructure RPKI
include "/var/db/rpki-client/openbgpd"

# define bogon prefixes which should not be part of the DFZ
prefix-set bogons {
        0.0.0.0/8 or-longer              # 'this' network [RFC1122]
        10.0.0.0/8 or-longer            # private space [RFC1918]
        100.64.0.0/10 or-longer      # CGN Shared [RFC6598]
        127.0.0.0/8 or-longer          # localhost [RFC1122]
        169.254.0.0/16 or-longer    # link local [RFC3927]
        172.16.0.0/12 or-longer      # private space [RFC1918]
        192.0.2.0/24 or-longer        # TEST-NET-1 [RFC5737]
        192.88.99.0/24 or-longer    # 6to4 anycast relay [RFC7526]
        192.168.0.0/16 or-longer    # private space [RFC1918]
        198.18.0.0/15 or-longer      # benchmarking [RFC2544]
        198.51.100.0/24 or-longer  # TEST-NET-2 [RFC5737]
        203.0.113.0/24 or-longer    # TEST-NET-3 [RFC5737]
        224.0.0.0/4 or-longer          # multicast
        240.0.0.0/4 or-longer          # reserved for future use
        ::/8 or-longer                       # RFC 4291 IPv4-compatible, loopback, et al
        0100::/64 or-longer             # Discard-Only [RFC6666]
        2001:2::/48 or-longer          # BMWG [RFC5180]
        2001:10::/28 or-longer        # ORCHID [RFC4843]
        2001:db8::/32 or-longer      # docu range [RFC3849]
        2002::/16 or-longer             # 6to4 anycast relay [RFC7526]
        3ffe::/16 or-longer               # old 6bone
        fc00::/7 or-longer                # unique local unicast
        fe80::/10 or-longer              # link local unicast
        fec0::/10 or-longer              # old site local unicast
        ff00::/8 or-longer                 # multicast
}

# Generate routes for the networks our ASN will originate.
# The communities (read 'tags') are later used to match on what
# is announced to EBGP neighbors
#network prefix-set mynetworks set large-community $ASN:1:1

# upstream providers
group "upstreams" {
 
        neighbor 10.0.0.5 {
                             remote-as 13489
                             descr "IPv4 Transit Provider A"
        }

        neighbor 2800:e7:a8:6000::1 {
                             remote-as 13489
                             descr "IPv6 Transit Provider A"
        }
}

## rules section

# uncomment the following two lines to accept a default route from upstreams
#allow from group upstreams prefix 0.0.0.0/0
#allow from group upstreams prefix ::/0

### for simple BGP setups, no editing below this line is required ###

# Outbound EBGP: only allow self originated networks to ebgp peers
# Don't leak any routes from upstream or peering sessions. This is done
# by checking for routes that are tagged with the large-community $ASN:1:1
allow to ebgp prefix-set mynetworks large-community $ASN:1:1

# deny more-specifics of our own originated prefixes
deny quick from ebgp prefix-set mynetworks or-longer

# Scrub normal and large communities relevant to our ASN from EBGP neighbors
# https://tools.ietf.org/html/rfc7454#section-11
match from ebgp set { community delete $ASN:* }
match from ebgp set { large-community delete $ASN:*:* }

# filter out prefixes longer than 24 or shorter than 8 bits for IPv4
# and longer than 48 or shorter than 16 bits for IPv6.
allow from any inet prefixlen 8 - 24
allow from any inet6 prefixlen 16 - 48

# Honor requests to gracefully shutdown BGP sessions
# https://tools.ietf.org/html/rfc8326
match from any community GRACEFUL_SHUTDOWN set { localpref 0 }

deny quick from any prefix-set bogons

# filter bogon AS numbers
# AS_TRANS (23456) is not supposed to show up in any path and indicates a
# misconfiguration. Additionally Private or Reserved ASNs have no place in
# the public DFZ. http://www.iana.org/assignments/as-numbers/as-numbers.xhtml
deny quick from any AS 23456
deny quick from any AS 64496 - 131071
deny quick from any AS 4200000000 - 4294967295

# filter out too long paths
deny from any max-as-len 100
```

Thank you for any help!


----------



## SirDice (Oct 20, 2020)

You can't just pluck an AS number out of thin air. 






						Autonomous system (Internet) - Wikipedia
					






					en.wikipedia.org


----------



## angelvg (Oct 20, 2020)

SirDice

And who told you that I got it out of nowhere?

The information is real assigned by LACNIC!

But thanks for the interest

I found the problem...

ASN 16 bit is up to  65535

LACNIC now is assigning ASN 32 bit > 65535

The solution is comment the line

#match from ebgp set { community delete $ASN:* }

Now the service is working in testing ambient...

`# bgpctl show summary`


```
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
IPv4 Transit Provider A 13489       1033         29     0 00:13:24  26158
IPv6 Transit Provider A 13489        801         30     0 00:13:24  10362
```

Hope this helps others


----------

