OpenBGPD (also known as OpenBSD Border Gateway Protocol Daemon) | |
Logo Size: | 300px |
Logo Caption: | "Go ahead. Explore." |
Developer: | The OpenBSD Project |
Programming Language: | C |
Operating System: | OpenBSD, FreeBSD, Linux |
Genre: | Border Gateway Protocol daemon |
License: | ISC |
Standard: | RFC 1997, RFC 2385, RFC 2545, RFC 2918, RFC 3765, RFC 4271, RFC 4360, RFC 4364, RFC 4456, RFC 4486, RFC 4760, RFC 4893, RFC 5082, RFC 5492, draft-ietf-idr-optional-transitive-00, draft-ietf-grow-mrt-17, RFC 6608 |
Asof: | April 2021 |
OpenBGPD, also known as OpenBSD Border Gateway Protocol Daemon, is a server software program that allows general purpose computers to be used as routers. It is a Unix system daemon that provides a free, open-source implementation of the Border Gateway Protocol version 4. This allows a machine to exchange routes with other systems that speak BGP.
OpenBSD Border Gateway Protocol Daemon is developed by Henning Brauer, Peter Hessler, and Claudio Jeker as part of the OpenBSD project. OpenOSPFD, developed by Esben Nørby, is a companion daemon of OpenBGPD that implements the Open Shortest Path First protocol. The suite was developed as an alternative to packages such as Quagga, a Linux-focused routing suite which is licensed under the GPL and does not meet the project's requirements and quality standards.[1]
The design goals of OpenBSD Border Gateway Protocol Daemon include being secure (non-exploitable), reliable, and lean enough for most users, both in size and memory usage. The configuration language should be both powerful and easy to use. It must also be able to quickly handle hundreds of thousands of table entries in a memory-efficient way.
OpenBGPD consists of a parent process, and two child processes: the Route Decision Engine (RDE), and the Session Engine (SE). The parent process is the only part that doesn't drop privileges; the others do, in the interest of non-exploitability. The parent process cannot drop privileges, because it needs to update the routing table and it has to run on a privileged port (179).