Hi Claudio,
Thanks, this has been helpful. However I really need that bit of control
from the peer's configuration end.
You wouldn't happen to know how I can achieve the following?:
A peer sends the following communities to the RS: 1234:1234 1234:7547
1234:8392
I want the route-server to send the routes received in the communities (yes
they all contain the same routes) to every peer on the RS, except for those
with AS 7547 and 8392.
Was also wondering why you have that prepend rule in #5 while transparent-as
is configured?
Regards,
Hans
On Wed, Oct 29, 2008 at 12:08 PM, Claudio Jeker <[EMAIL PROTECTED]> wrote:
> On Tue, Oct 28, 2008 at 04:24:02PM +0100, Hans Vosbergen wrote:
> > Hi Misc,
> >
> > I am trying to make OpenBGPD work as a route-server for a little hobby
> > project I am working on.
> >
> > As it's very hard to find configuration examples for this usage on the
> > web I have to turn here.
> >
> > What I am trying to achieve:
> > - A route-server acting as a transparent route distributor.
> > - Control by neighbours who their prefixes are announced to, based on
> > communities.
> >
> > Making OpenBGP work as a transparent AS was the easy part. However I'm
> > stuck in the communities control part.
> >
> > How it is supposed to work, my route-server has AS1234 in my test
> > environment.
> >
> > If a neighbour announces:
> > 1. { community 1234:1234 } -- Their prefixes will be announced to EVERY
> > other neighbour.
> > 2. { community 1234:<as>} -- Their prefixes will ONLY be announced to
> > <AS>, ie: 1234:8943 will only send the prefixes to AS8943.
> > 3. { community 1234:1234 1234:<AS> } -- Their prefixes will be announced
> > to every other neighbour EXCEPT <AS>.
> >
> > I have been able to achieve the first 2 ways the prefix control should
> > work, but I can't manage to get the 3rd to work. Before moving to
> > OpenBGPD I managed to produce the way I want it to work in Quagga but I
> > simply do not want to use that.
> >
> > Would anyone have an idea on how to make OpenBGPD not announce prefixes
> > to specific neighbours if they appear in the 1234:1234 1234:<AS> list?
> >
>
> The route server I set up uses more or less this config:
>
> # global configuration
> AS $ASNUM
> router-id $IP
> transparent-as yes
>
> network $LAN
>
> group RS {
>     announce all
>     max-prefix 5000 restart 15
>     set nexthop no-modify
>     # softreconfig in no
>
>     neighbor $LAN {
>         descr "RS peer"
>         passive
>     }
> }
>
> # filter out prefixes longer than 24 or shorter than 8 bits
> deny from any prefixlen 8 >< 24
>
> # do not accept a default route, multicast and experimental networks
> deny from any prefix 0.0.0.0/0
> deny from any prefix 10.0.0.0/8 prefixlen >= 8
> deny from any prefix 127.0.0.0/8 prefixlen >= 8
> deny from any prefix 169.254.0.0/16 prefixlen >= 16
> deny from any prefix 172.16.0.0/12 prefixlen >= 12
> deny from any prefix 192.0.2.0/24 prefixlen >= 24
> deny from any prefix 192.168.0.0/16 prefixlen >= 16
> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> deny from any prefix 224.0.0.0/4 prefixlen >= 4
> deny from any prefix 240.0.0.0/4 prefixlen >= 4
>
> # we set these communities to identify from where
> # it learned a route:
> match from any set community $ASNUM:neighbor-as
>
> # 1. Prepend RS $ASNUM to *all* RS-Peers
> match from group RS community $ASNUM:65500 set prepend-self 1
>
> # 2. Prepend RS $ASNUM to *selected* RS-Peer N-times
> # (N can be 1 to 3)
> match to group RS community 65501:neighbor-as set prepend-self 1
> match to group RS community 65502:neighbor-as set prepend-self 2
> match to group RS community 65503:neighbor-as set prepend-self 3
>
> # 3. Do *not* announce to RS-Peers with AS AAAA
> deny to group RS community $ASNUM:neighbor-as
>
> # 4. Do *not* announce to *ANY* RS-Peers
> deny to group RS community $ASNUM:65535
>
> # 5. Prepend own announcement by one
> match to group RS prefix $LAN set prepend-self 1
>
> Works like a champ without any additional per peer config :)
> --
> :wq Claudio
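
The three community rules from the original post, including the multi-AS exclusion asked about in the reply, modelled as an added Python example (not part of the thread and not OpenBGPD configuration). The peer list, the sender AS 64501 and the handling of routes that carry no control community are assumptions.

```python
"""Model of the route-server export policy described in the thread (constructed example)."""

RS_AS = 1234  # route-server AS used in the thread's test environment


def parse_community(text):
    """Parse 'high:low' into a pair of 16-bit integers, rejecting malformed input."""
    high, sep, low = text.partition(":")
    if not sep or not text.isascii() or not high.isdigit() or not low.isdigit():
        raise ValueError(f"malformed community: {text!r}")
    pair = (int(high), int(low))
    if any(v > 0xFFFF for v in pair):
        raise ValueError(f"community field out of 16-bit range: {text!r}")
    return pair


def export_targets(communities, source_as, peers, rs_as=RS_AS):
    """Return the set of peer ASNs that should receive a route.

    rs_as:rs_as alone        -> every other peer
    rs_as:<AS> alone         -> only the named peer(s)
    rs_as:rs_as + rs_as:<AS> -> every other peer except the named one(s)
    """
    # Only communities in the route server's own namespace control export.
    values = {low for high, low in map(parse_community, communities) if high == rs_as}
    others = set(peers) - {source_as}  # never send a route back to its sender
    named = values - {rs_as}
    if rs_as in values:
        return others - named
    if named:
        return others & named
    # Assumption: a route without any control community is announced to nobody.
    return set()


if __name__ == "__main__":
    peers = {7547, 8392, 8943, 64500}  # constructed peer list
    sent = ["1234:1234", "1234:7547", "1234:8392"]  # communities from the reply
    print(sorted(export_targets(sent, source_as=64501, peers=peers)))
```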