I'm probably being completely dumb here, but I'm adding an additional perimiter 
router to my network which is running OpenBSD 6.6.

My current perimiter is a 6.4 instance (soon to be upgraded !) which talks BGP 
to internal firewalls.

The config below works perfectly on 6.4, but on 6.6, the default route is never 
exported (the session otehrwise operates fine, comes up and receives routes 
from firewalls).

"bgpctl sho ri nei nei-name out" shows nothing being sent.   

"bgpd -n" reports no problems with the config

AS 64520
rde med compare always
socket "/var/run/bgpd.sock.ro" restricted

group my_firewall_v4 {
        export default-route
        remote-as 64515
        announce IPv6 none
        neighbor {
                descr "MY-F1-V4"

group my_firewall_v6 {
        export default-route
        remote-as 64515
        announce IPv4 none
        neighbor 2001:db8::1 {
                local-address 2001:db8::2
                descr "MY-F1-V6"

MY_INT_FIREWALLS="{group my_firewall_v4,group my_firewall_v6}"
prefix-set my-def-routes {,::/0}
prefix-set MY_NETS_FILTER { or-longer, 
or-longer,2001:db8::/32 or-longer}
deny to any
allow to $MY_INT_FIREWALLS prefix-set my-def-routes
deny from any
deny from any prefix-set my-def-routes
allow from $MY_INT_FIREWALLS prefix-set MY_NETS_FILTER

Reply via email to