Hello Denis, Tom, Merci/Thank you for your answers.
I don't understand how to use "allow from group" Yes I use 6.0, 6.1 and 5.8 on these machines. I'm waiting for 6.5 to be released and try to migrate them all. I'm used to configure Cisco devices and there's no filtering. Routes received by an eBGP session are reannounced to iBGP peers and next hop self should be used in that case. If that option is not used, the routes are installed in the BGP table but since the next hop is unreachable, they are not installed in the routing table. I expected my iBGP peers (site 3...) to receive the routes (spam) coming from the eBGP peer on site 2. It seemed to me that group was like a peer-group. Le lundi 22 avril 2019 à 18:32:26 UTC+2, Tom Smyth <tom.sm...@wirelessconnect.eu> a écrit : Hi Mik, 1) what version of OpenBSD / OpenBGPD are you running... 2) if it is >6.4 OpenBSD / OpenBGPD .... then Claudio et all have implemented a new RFC for eBGP (cant remember the number) TLDR version of the new eBGP RFC is that unfiltered bgp will by default, deny any announcements and only announce what is explicitly allowed by filters added by the administrator of the BGP router... Check out Job@ & Claudio@ *NOG videos on BGPD / OpenBGPD for more details (they are on youtube) I hope this helps Bon Chance :) On Mon, 22 Apr 2019 at 11:17, Mik J <mikyde...@yahoo.fr> wrote: > > Hello, > > I'm trying to set up openbgpd. > > On site 2, I'm peering with us.bgp-spamd.net and eu.bgp-spamd.net sucessfully. > The problem is that these routes are not in the bgp table on site 3. The BGP > peerings are up. > From site 3 I can ping 192.0.2.2/site 2. I sucessfully receive prefixes > announced on site 2. > I used next hop self on the ibgp session.Does anyone has an idea ? > > log updates > network 192.0.2.2/32network 10.1.1.0/24 > myAS="65001" > site2="192.0.2.2" > site3="192.0.2.3" > spam_rs1="64.142.121.62" # us.bgp-spamd.net > spam_rs2="217.31.80.170" # eu.bgp-spamd.net > spamASN="65066" > > AS $myAS > fib-update no > > group "spam-bgp" { > remote-as $spamASN > multihop 64 > announce none # Do not send any route updates > neighbor $spam_rs1 > neighbor $spam_rs2 > } > > group "internalnet" { > remote-as $myAS > multihop 64 > neighbor $site3 > local-address $site2 > set nexthop self > tcp md5sig password password1234 > } > > -- Kindest regards, Tom Smyth.