Hi,
I'm probably being completely dumb here, but I'm adding an additional perimeter
router to my network which is running OpenBSD 6.6.
My current perimeter is a 6.4 instance (soon to be upgraded!) which talks BGP
to internal firewalls.
The config below works perfectly on 6.4, but on 6.6, the default route is never
exported (the session otherwise operates fine, comes up and receives routes
from firewalls).
"bgpctl sho ri nei nei-name out" shows nothing being sent.
"bgpd -n" reports no problems with the config.

AS 64520
router-id 192.0.2.1
rde med compare always
socket "/var/run/bgpd.sock.ro" restricted

group my_firewall_v4 {
        export default-route
        remote-as 64515
        announce IPv6 none
        neighbor 198.51.100.1 {
                local-address 198.51.100.2
                descr "MY-F1-V4"
        }
}
group my_firewall_v6 {
        export default-route
        remote-as 64515
        announce IPv4 none
        neighbor 2001:db8::1 {
                local-address 2001:db8::2
                descr "MY-F1-V6"
        }
}

MY_INT_FIREWALLS="{group my_firewall_v4,group my_firewall_v6}"
prefix-set my-def-routes {0.0.0.0/0,::/0}
prefix-set MY_NETS_FILTER {192.0.2.0/24 or-longer,198.51.100.0/24 or-longer,2001:db8::/32 or-longer}

deny to any
allow to $MY_INT_FIREWALLS prefix-set my-def-routes
deny from any
deny from any prefix-set my-def-routes
allow from $MY_INT_FIREWALLS prefix-set MY_NETS_FILTER