|
@ -1,4 +1,4 @@ |
|
|
# $OpenBSD: bgpd.conf,v 1.12 2018/09/08 08:00:21 claudio Exp $ |
|
|
|
|
|
|
|
|
# $OpenBSD: bgpd.conf,v 1.13 2018/09/09 12:49:44 benno Exp $ |
|
|
# example bgpd configuration file, see bgpd.conf(5) |
|
|
# example bgpd configuration file, see bgpd.conf(5) |
|
|
|
|
|
|
|
|
# define our own ASN as a macro |
|
|
# define our own ASN as a macro |
|
@ -8,24 +8,16 @@ ASN="65001" |
|
|
AS $ASN |
|
|
AS $ASN |
|
|
router-id 192.0.2.1 |
|
|
router-id 192.0.2.1 |
|
|
|
|
|
|
|
|
# Generate routes for the networks our ASN will originate. |
|
|
|
|
|
# The communities (read 'tags') are later used to match on what |
|
|
|
|
|
# is announced to EBGP neighbors |
|
|
|
|
|
network 192.0.2.0/24 set large-community $ASN:1:1 |
|
|
|
|
|
network 2001:db8:abcd::/48 set large-community $ASN:1:1 |
|
|
|
|
|
|
|
|
|
|
|
# list of networks that may be originated by our ASN |
|
|
# list of networks that may be originated by our ASN |
|
|
prefix-set mynetworks { \ |
|
|
prefix-set mynetworks { \ |
|
|
192.0.2.0/24 \ |
|
|
192.0.2.0/24 \ |
|
|
2001:db8:abcd::/48 \ |
|
|
2001:db8:abcd::/48 \ |
|
|
} |
|
|
} |
|
|
|
|
|
|
|
|
# this prefix-set is used to protect against accepting |
|
|
|
|
|
# hijacks of our own originated address space |
|
|
|
|
|
prefix-set mynetworks_orlonger { \ |
|
|
|
|
|
192.0.2.0/24 or-longer \ |
|
|
|
|
|
2001:db8:abcd::/48 or-longer \ |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
# Generate routes for the networks our ASN will originate. |
|
|
|
|
|
# The communities (read 'tags') are later used to match on what |
|
|
|
|
|
# is announced to EBGP neighbors |
|
|
|
|
|
network prefix-set mynetworks set large-community $ASN:1:1 |
|
|
|
|
|
|
|
|
# assume simple network with 3 routers in IBGP full mesh |
|
|
# assume simple network with 3 routers in IBGP full mesh |
|
|
group "ibgp mesh v4" { |
|
|
group "ibgp mesh v4" { |
|
@ -73,7 +65,7 @@ group "upstreams" { |
|
|
allow to ebgp prefix-set mynetworks large-community $ASN:1:1 |
|
|
allow to ebgp prefix-set mynetworks large-community $ASN:1:1 |
|
|
|
|
|
|
|
|
# deny more-specifics of our own originated prefixes |
|
|
# deny more-specifics of our own originated prefixes |
|
|
deny quick from ebgp prefix-set mynetworks_orlonger |
|
|
|
|
|
|
|
|
deny quick from ebgp prefix-set mynetworks or-longer |
|
|
|
|
|
|
|
|
# IBGP: allow all updates to and from our IBGP neighbors |
|
|
# IBGP: allow all updates to and from our IBGP neighbors |
|
|
allow from ibgp |
|
|
allow from ibgp |
|
|