Index | Thread | Search

From:
Claudio Jeker <cjeker@diehard.n-r-g.com>
Subject:
bgpd.conf with 4-byte ASN
To:
tech@openbsd.org
Date:
Tue, 17 Dec 2024 21:19:00 +0100

Download raw body.

Thread 
This makes the example bgpd.conf work with a 4byte ASN.

In general I would try to avoid using a macro expand in communities when
there is local-as and neighbor-as

I left the only $ASN in the ibgp example (apart from AS $ASN at the top).
-- 
:wq Claudio

Index: bgpd.conf
===================================================================
RCS file: /cvs/src/etc/examples/bgpd.conf,v
diff -u -p -r1.25 bgpd.conf
--- bgpd.conf	29 Aug 2024 12:58:57 -0000	1.25
+++ bgpd.conf	17 Dec 2024 20:15:59 -0000
@@ -2,7 +2,7 @@
 # example bgpd configuration file, see bgpd.conf(5)
 
 # define our own ASN as a macro
-ASN="65001"
+ASN="4200000001"
 
 # global configuration
 AS $ASN
@@ -50,7 +50,7 @@ prefix-set bogons {
 # Generate routes for the networks our ASN will originate.
 # The communities (read 'tags') are later used to match on what
 # is announced to EBGP neighbors
-network prefix-set mynetworks set large-community $ASN:1:1
+network prefix-set mynetworks set large-community local-as:1:1
 
 # assume simple network with 3 routers in IBGP full mesh
 group "ibgp mesh" {
@@ -91,8 +91,8 @@ group "upstreams" {
 
 # Outbound EBGP: only allow self originated networks to ebgp peers
 # Don't leak any routes from upstream or peering sessions. This is done
-# by checking for routes that are tagged with the large-community $ASN:1:1
-allow to ebgp prefix-set mynetworks large-community $ASN:1:1
+# by checking for routes that are tagged with the large-community local-as:1:1
+allow to ebgp prefix-set mynetworks large-community local-as:1:1
 
 # deny more-specifics of our own originated prefixes
 deny quick from ebgp prefix-set mynetworks or-longer
@@ -103,8 +103,8 @@ allow to ibgp
 
 # Scrub normal and large communities relevant to our ASN from EBGP neighbors
 # https://tools.ietf.org/html/rfc7454#section-11
-match from ebgp set { community delete $ASN:* }
-match from ebgp set { large-community delete $ASN:*:* }
+match from ebgp set { community delete local-as:* }
+match from ebgp set { large-community delete local-as:*:* }
 
 # filter out prefixes longer than 24 or shorter than 8 bits for IPv4
 # and longer than 48 or shorter than 16 bits for IPv6.