From: Claudio Jeker Subject: bgpd.conf with 4-byte ASN To: tech@openbsd.org Date: Tue, 17 Dec 2024 21:19:00 +0100 This makes the example bgpd.conf work with a 4byte ASN. In general I would try to avoid using a macro expand in communities when there is local-as and neighbor-as I left the only $ASN in the ibgp example (apart from AS $ASN at the top). -- :wq Claudio
Index: bgpd.conf
===================================================================
RCS file: /cvs/src/etc/examples/bgpd.conf,v
diff -u -p -r1.25 bgpd.conf
--- bgpd.conf 29 Aug 2024 12:58:57 -0000 1.25
+++ bgpd.conf 17 Dec 2024 20:15:59 -0000
@@ -2,7 +2,7 @@
 # example bgpd configuration file, see bgpd.conf(5)
 # define our own ASN as a macro
-ASN="65001"
+ASN="4200000001"
 # global configuration
 AS $ASN
@@ -50,7 +50,7 @@ prefix-set bogons {
 # Generate routes for the networks our ASN will originate.
 # The communities (read 'tags') are later used to match on what
 # is announced to EBGP neighbors
-network prefix-set mynetworks set large-community $ASN:1:1
+network prefix-set mynetworks set large-community local-as:1:1
 # assume simple network with 3 routers in IBGP full mesh
 group "ibgp mesh" {
@@ -91,8 +91,8 @@ group "upstreams" {
 # Outbound EBGP: only allow self originated networks to ebgp peers
 # Don't leak any routes from upstream or peering sessions. This is done
-# by checking for routes that are tagged with the large-community $ASN:1:1
-allow to ebgp prefix-set mynetworks large-community $ASN:1:1
+# by checking for routes that are tagged with the large-community local-as:1:1
+allow to ebgp prefix-set mynetworks large-community local-as:1:1
 # deny more-specifics of our own originated prefixes
 deny quick from ebgp prefix-set mynetworks or-longer
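Review bot: The export rule `allow to ebgp prefix-set mynetworks large-community local-as:1:1` now depends on how `local-as` is expanded for each session, and the example does not say so. As far as I can tell from bgpd.conf(5), `local-as` resolves to the AS used towards the neighbor, so a neighbor with its own `local-as` override would be matched against a different value than the tag set by the `network` statement in the -50 hunk; this should be confirmed against the manual. If so, that session would stop announcing `mynetworks` (fail closed), and the scrub rules in the -103 hunk would delete the override ASN's communities while leaving the router's own untouched. A comment above the rule would cover it, e.g. `# local-as is the AS used towards the neighbor; with a per-neighbor local-as override match on $ASN instead`.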
@@ -103,8 +103,8 @@ allow to ibgp
 # Scrub normal and large communities relevant to our ASN from EBGP neighbors
 # https://tools.ietf.org/html/rfc7454#section-11
-match from ebgp set { community delete $ASN:* }
-match from ebgp set { large-community delete $ASN:*:* }
+match from ebgp set { community delete local-as:* }
+match from ebgp set { large-community delete local-as:*:* }
 # filter out prefixes longer than 24 or shorter than 8 bits for IPv4
 # and longer than 48 or shorter than 16 bits for IPv6.
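Review bot: `match from ebgp set { community delete local-as:* }` cannot express the new `ASN="4200000001"`, because a standard community has only 16 bits for the AS part. With a 4-byte ASN this rule presumably never matches, so the RFC 7454 scrub rests on the `large-community delete local-as:*:*` line alone; this matters because the export filter trusts the `local-as:1:1` tag. The example should say this, e.g. `# standard communities cannot carry a 4-byte ASN; with one, only the large-community rule below has an effect`. It is also worth confirming that bgpd treats the first rule as a no-op when the local AS exceeds 65535, which the hunk does not show.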