How to build a BGP looking glass with OpenBSD

Preface

A looking glass is a service that gathers routing information from your routers and thus gives you a central point to examine your sight of the Internet. Looking glasses are commonly used by ISPs and Internet exchange points and sometimes made publicly available to help others to solve routing issues. This howto focuses on BGP as it's the routing protocol amongst the various networks and autonomous systems that form the Internet.
A recent version of OpenBSD comes with OpenBGPD, an Apache webserver, and a CGI script called bgplg. These are the building blocks of our looking glass server.

Requirements

• An OpenBSD system. I used 5.2 amd64 inside a virtual machine with a 10 GB hdd, 1 cpu, and 1 GB ram.
• A router. I used a Juniper MX80.

Steps

1. Install OpenBSD as usual. I created a 9 GB root partition and a 1 GB swap area.
2. My /etc/rc.conf.local looks like this:

   # enable ntpd
   ntpd_flags=
   # disable audio server
   sndiod_flags=NO
   # disable inetd
   inetd_flags=NO
   # enable httpd
   httpd_flags=
   # enable openbgpd
   bgpd_flags=
   

3. My /etc/bgpd.conf looks like this:

   AS 65511
   fib-update no
   listen on 0.0.0.0
   route-collector yes
   router-id 192.168.0.25
   
   socket "/var/www/logs/bgpd.rsock" restricted
   
   neighbor 192.168.0.24 {
     remote-as 65511
     descr "Juniper MX80"
     announce none
   }
   

4. Following the manpage bgplg, you have to:

   # chmod 0555 /var/www/cgi-bin/bgplg
   # chmod 0555 /var/www/bin/bgpctl
   

5. Copy /etc/resolv.conf to /var/www/etc as httpd chroots itself to /var/www:

   # cp /etc/resolv.conf /var/www/etc/
   

6. Start the webserver and openbgpd:

   # /etc/rc.d/httpd start
   # /etc/rc.d/bgpd start
   

7. Your router's configuration should at least contain these lines:

   protocols {
       bgp {
           local-as 65511;
           group lookingglass {
               type internal;
               import reject;
               export accept;
               neighbor 192.168.0.25;
           }
       }
   }
   policy-options {
       policy-statement reject {
           then reject;
       }
       policy-statement accept {
           then accept;
       }
   }
   

8. Now open a webbrowser and go to http://192.168.0.25/cgi-bin/bgplg (or whatever your looking glass server's address is). You should see something similiar to this: