From: Claudio Jeker Subject: bgpd: attribute transparency when transparent-as is set To: tech@openbsd.org Date: Tue, 7 Jan 2025 11:40:05 +0100 Right now transparent-as yes has some influence on attribute transparency but the well known communities NO_EXPORT, NO_ADVERTISE, and NO_EXPORT_SUBCONFED still filter out paths. This is not what we want so bypass that check if transparent-as is set to yes. Also be more precise in the documentation about transparent-as yes. -- :wq Claudio Index: bgpd.conf.5 =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/bgpd.conf.5,v diff -u -p -r1.245 bgpd.conf.5 --- bgpd.conf.5 13 Dec 2024 19:21:03 -0000 1.245 +++ bgpd.conf.5 7 Jan 2025 10:26:26 -0000 @@ -407,8 +407,16 @@ The default is 180 seconds. .Xc If set to .Ic yes , +attribute transparency is enabled. .Em AS paths to EBGP neighbors are not prepended with the local AS. +Additionally the MULTI_EXIT_DISC attribute is passed transparently and +automatic filtering based on the well known communities +.Ic NO_EXPORT , +.Ic NO_ADVERTISE , +and +.Ic NO_EXPORT_SUBCONFED +is disabled. The default is .Ic no . .El @@ -1571,8 +1579,11 @@ After changing keys, a session needs to .Xc If set to .Ic yes , -.Em AS paths -to EBGP neighbors are not prepended with the local AS. +attribute transparency is enabled. +See also the +.Ic transparent-as +setting in +.Sx GLOBAL CONFIGURATION . The default is inherited from the global .Ic transparent-as setting. Index: rde_update.c =================================================================== RCS file: /cvs/src/usr.sbin/bgpd/rde_update.c,v diff -u -p -r1.170 rde_update.c --- rde_update.c 9 Dec 2024 10:51:46 -0000 1.170 +++ rde_update.c 7 Jan 2025 10:15:15 -0000 @@ -90,6 +90,13 @@ up_test_update(struct rde_peer *peer, st return (0); } + /* + * With "transparent-as yes" set do not filter based on + * well known communities. Instead pass them on to the client. + */ + if (peer->flags & PEERFLAG_TRANS_AS) + return (1); + /* well known communities */ if (community_match(comm, &comm_no_advertise, NULL)) return (0);