On Sun, Apr 19, 2020 at 08:07:48AM +0100, Richard Chivers wrote:
> Hi,
>
> Just been building a copy of our production system in vagrant to test
> upgrading to the latest version, in order to resolve an issue we were
> having.
>
> In our current config we have:
>
> group "core" {
> local-address $localaddr
> remote-as xxxxxx
> announce all
> neighbor x.x.x.x {
> descr "router-a"
> }
> neighbor x.x.x.x {
> descr "router-b"
> }
> }
>
> From the upgrade guide it says: In OpenBSD 6.4, the announce keyword was
> deprecated in bgpd.conf(5). It has now been removed and must be replaced
> with export.
>
> We also have another group with announce none
>
> Is it fair to suggest that removing the announce all will be the same as
> not having it in >= 6.4, and that we replace announce none with export none.
>
> Probably a stupid question, but I only touch BGP occasionally, and was just
> hoping to understand in more detail.
>
> The group core is our own internal bgp speakers, each of these also have
> transit connections too.
>
> All our config is templated using ansible, so we can easily adjust the
> config based on the actual version.
>
> Probably worth saying we are running on 6.6 with patches applied, in the
> test environment.
Yes, you can just remove announce all from your config. I guess you
already have the needed input and output filters in place to ensure only
the right thing is accepted and announced. Actually since the core group
is ibgp even in the old config announce all is not needed since that was
the default for ibgp sessions.
announce none can just be replaced with export none. The result is the
same and no prefix will be announced to these peers even if the filters
would allow them.
As mentioned the important change was that the filter switched from a
default allow rule to a default deny rule both for incoming and outgoing
filters. So you need to check your ruleset and maybe add some additional
filters. Something like
allow from ibgp
allow to ibgp
may do the trick.
--
:wq Claudio
