MàJ configuration pour version >= 6.4

2019-07-12 11:53:00 +02:00 · 2019-07-12 11:53:00 +02:00 · c681646e99
parent bec03a93d6
commit c681646e99
1 changed files with 25 additions and 4 deletions
--- a/HowtoOpenBSD/OpenBGPD.md
+++ b/HowtoOpenBSD/OpenBGPD.md
@ -93,17 +93,27 @@ listen on 10.0.0.2
 holdtime 180
 holdtime min 3
 fib-update yes
-network 192.0.32.0/24
+
+# List of networks that may be originated by our ASN
+prefix-set mynetworks {     \
+    192.0.32.0/24        \
+}
+
+# Generate routes for the networks our ASN will originate.
+network prefix-set mynetworks 
+

 group "peering AS65002" {
        remote-as 65002
        neighbor 10.0.0.3 {
                descr   "AS 65002 peer 1"
-                announce all
                tcp md5sig password mekmitasdigoat
        }
 }

+# Outbound EBGP: allow self originated networks to ebgp peers
+allow to ebgp prefix-set mynetworks 
+
 deny from any
 allow from any inet prefixlen 8 - 24
 ~~~
@ -117,21 +127,32 @@ listen on 10.0.0.3
 holdtime 180
 holdtime min 3
 fib-update yes
-network 192.0.33.0/24
+
+# List of networks that may be originated by our ASN
+prefix-set mynetworks {     \
+    192.0.33.0/24        \
+}
+
+# Generate routes for the networks our ASN will originate.
+network prefix-set mynetworks 

 group "peering AS65001" {
        remote-as 65001
        neighbor 10.0.0.2 {
                descr   "AS 65001 peer 1"
-                announce all
                tcp md5sig password mekmitasdigoat
        }
 }

+# Outbound EBGP: allow self originated networks to ebgp peers
+allow to ebgp prefix-set mynetworks 
+
 deny from any
 allow from any inet prefixlen 8 - 24
 ~~~

+Note : la directive `allow to ebgp prefix-set mynetworks` est nécessaire à partir d'OpenBSD 6.4 où les directives `announce (all|none|self|default-route)` n'existent plus. Par défaut, rien n'est envoyé et il faut explicitement indiquer quels préfixes autoriser.
+
 ## Utilisation (observer)

 ### Pour voir les réseaux annoncés