How to build a BGP looking glass with OpenBSD


A looking glass is a service that gathers routing information from your routers and thus gives you a central point to examine your sight of the Internet. Looking glasses are commonly used by ISPs and Internet exchange points and sometimes made publicly available to help others to solve routing issues. This howto focuses on BGP as it's the routing protocol amongst the various networks and autonomous systems that form the Internet.
A recent version of OpenBSD comes with OpenBGPD, an Apache webserver, and a CGI script called bgplg. These are the building blocks of our looking glass server.



  1. Install OpenBSD as usual. I created a 9 GB root partition and a 1 GB swap area.
  2. My /etc/rc.conf.local looks like this:
    # enable ntpd
    # disable audio server
    # disable inetd
    # enable httpd
    # enable openbgpd
  3. My /etc/bgpd.conf looks like this:
    AS 65511
    fib-update no
    listen on
    route-collector yes
    socket "/var/www/logs/bgpd.rsock" restricted
    neighbor {
      remote-as 65511
      descr "Juniper MX80"
      announce none
  4. Following the manpage bgplg, you have to:
    # chmod 0555 /var/www/cgi-bin/bgplg
    # chmod 0555 /var/www/bin/bgpctl
  5. Copy /etc/resolv.conf to /var/www/etc as httpd chroots itself to /var/www:
    # cp /etc/resolv.conf /var/www/etc/
  6. Start the webserver and openbgpd:
    # /etc/rc.d/httpd start
    # /etc/rc.d/bgpd start
  7. Your router's configuration should at least contain these lines:
    protocols {
        bgp {
            local-as 65511;
            group lookingglass {
                type internal;
                import reject;
                export accept;
    policy-options {
        policy-statement reject {
            then reject;
        policy-statement accept {
            then accept;
  8. Now open a webbrowser and go to (or whatever your looking glass server's address is). You should see something similiar to this: