
update example bgpd.conf to use new config language features:

network prefix-set ... and filters with prefix-set ... or-longer.
ok claudio@
OPENBSD_6_4
benno 6 years ago
parent
commit
f1efffb144
1 changed files with 6 additions and 14 deletions
  1. +6
    -14
      src/etc/examples/bgpd.conf

+ 6
- 14
src/etc/examples/bgpd.conf

@ -1,4 +1,4 @@
# $OpenBSD: bgpd.conf,v 1.12 2018/09/08 08:00:21 claudio Exp $
# $OpenBSD: bgpd.conf,v 1.13 2018/09/09 12:49:44 benno Exp $
# example bgpd configuration file, see bgpd.conf(5) # example bgpd configuration file, see bgpd.conf(5)
# define our own ASN as a macro # define our own ASN as a macro
@ -8,24 +8,16 @@ ASN="65001"
AS $ASN AS $ASN
router-id 192.0.2.1 router-id 192.0.2.1
# Generate routes for the networks our ASN will originate.
# The communities (read 'tags') are later used to match on what
# is announced to EBGP neighbors
network 192.0.2.0/24 set large-community $ASN:1:1
network 2001:db8:abcd::/48 set large-community $ASN:1:1
# list of networks that may be originated by our ASN # list of networks that may be originated by our ASN
prefix-set mynetworks { \ prefix-set mynetworks { \
192.0.2.0/24 \ 192.0.2.0/24 \
2001:db8:abcd::/48 \ 2001:db8:abcd::/48 \
} }
# this prefix-set is used to protect against accepting
# hijacks of our own originated address space
prefix-set mynetworks_orlonger { \
192.0.2.0/24 or-longer \
2001:db8:abcd::/48 or-longer \
}
# Generate routes for the networks our ASN will originate.
# The communities (read 'tags') are later used to match on what
# is announced to EBGP neighbors
network prefix-set mynetworks set large-community $ASN:1:1
# assume simple network with 3 routers in IBGP full mesh # assume simple network with 3 routers in IBGP full mesh
group "ibgp mesh v4" { group "ibgp mesh v4" {
@ -73,7 +65,7 @@ group "upstreams" {
allow to ebgp prefix-set mynetworks large-community $ASN:1:1 allow to ebgp prefix-set mynetworks large-community $ASN:1:1
# deny more-specifics of our own originated prefixes # deny more-specifics of our own originated prefixes
deny quick from ebgp prefix-set mynetworks_orlonger
deny quick from ebgp prefix-set mynetworks or-longer
# IBGP: allow all updates to and from our IBGP neighbors # IBGP: allow all updates to and from our IBGP neighbors
allow from ibgp allow from ibgp
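Review bot: The reason for the inbound `deny quick from ebgp prefix-set mynetworks or-longer` rule is no longer stated anywhere in the example. The removed `mynetworks_orlonger` block carried the comment about protecting against accepting hijacks of our own originated address space, and the surviving comment only says "deny more-specifics". As far as I know `or-longer` also matches the listed prefixes themselves, so I would reword the comment above the rule to `# deny our own prefixes and their more-specifics from EBGP: protects against accepting hijacks of our address space`. The comment on `prefix-set mynetworks` ("may be originated") also reads as stale, because the set now drives origination through `network prefix-set mynetworks` as well as the outbound allow and this inbound deny; something like `# networks originated by our ASN; also used by the EBGP filters below` would tell an operator that adding an entry changes all three. The filter rules around this line continue outside the hunk.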

