From c681646e9934f682e54903e3126e830c72b05f4a Mon Sep 17 00:00:00 2001
From: jdubois
Date: Fri, 12 Jul 2019 11:53:00 +0200
Subject: [PATCH] =?UTF-8?q?M=C3=A0J=20configuration=20pour=20version=20>?= =?UTF-8?q?=3D=206.4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 HowtoOpenBSD/OpenBGPD.md | 29 +++++++++++++++++++++++++----
 1 file changed, 25 insertions(+), 4 deletions(-)

diff --git a/HowtoOpenBSD/OpenBGPD.md b/HowtoOpenBSD/OpenBGPD.md
index f0075839..da677fb6 100644
--- a/HowtoOpenBSD/OpenBGPD.md
+++ b/HowtoOpenBSD/OpenBGPD.md
@@ -93,17 +93,27 @@ listen on 10.0.0.2
 holdtime 180
 holdtime min 3
 fib-update yes
-network 192.0.32.0/24
+
+# List of networks that may be originated by our ASN
+prefix-set mynetworks { \
+ 192.0.32.0/24 \
+}
+
+# Generate routes for the networks our ASN will originate.
+network prefix-set mynetworks
+
 
 group "peering AS65002" {
 remote-as 65002
 neighbor 10.0.0.3 {
 descr "AS 65002 peer 1"
- announce all
 tcp md5sig password mekmitasdigoat
 }
 }
 
+# Outbound EBGP: allow self originated networks to ebgp peers
+allow to ebgp prefix-set mynetworks
+
 deny from any
 allow from any inet prefixlen 8 - 24
 ~~~
@@ -117,21 +127,32 @@ listen on 10.0.0.3
 holdtime 180
 holdtime min 3
 fib-update yes
-network 192.0.33.0/24
+
+# List of networks that may be originated by our ASN
+prefix-set mynetworks { \
+ 192.0.33.0/24 \
+}
+
+# Generate routes for the networks our ASN will originate.
+network prefix-set mynetworks
 
 group "peering AS65001" {
 remote-as 65001
 neighbor 10.0.0.2 {
 descr "AS 65001 peer 1"
- announce all
 tcp md5sig password mekmitasdigoat
 }
 }
 
+# Outbound EBGP: allow self originated networks to ebgp peers
+allow to ebgp prefix-set mynetworks
+
 deny from any
 allow from any inet prefixlen 8 - 24
 ~~~
 
+Note : la directive `allow to ebgp prefix-set mynetworks` est nécessaire à partir d'OpenBSD 6.4 où les directives `announce (all|none|self|default-route)` n'existent plus. Par défaut, rien n'est envoyé et il faut explicitement indiquer quels préfixes autoriser.
+
 ## Utilisation (observer)
 
 ### Pour voir les réseaux annoncés