Hello Denis, Tom,

Merci/Thank you for your answers.

I don't understand how to use "allow from group"

Yes, I use 6.0, 6.1 and 5.8 on these machines. I'm waiting for 6.5 to be 
released and will try to migrate them all.

I'm used to configuring Cisco devices and there's no filtering. Routes received 
by an eBGP session are reannounced to iBGP peers and next hop self should be 
used in that case.
If that option is not used, the routes are installed in the BGP table but since 
the next hop is unreachable, they are not installed in the routing table.

I expected my iBGP peers (site 3...) to receive the routes (spam) coming from 
the eBGP peer on site 2.

It seemed to me that group was like a peer-group.
    On Monday, 22 April 2019 at 18:32:26 UTC+2, Tom Smyth 
<tom.sm...@wirelessconnect.eu> wrote:  
 
 Hi Mik,

1) what version of OpenBSD / OpenBGPD are you running...
2) if it is >6.4 OpenBSD / OpenBGPD .... then Claudio et al. have
implemented a new RFC for eBGP (can't remember the number)

TLDR version of the new  eBGP RFC is that unfiltered bgp will by
default, deny any announcements and only announce what is explicitly
allowed by filters added by the administrator of the BGP router...

Check out Job@  & Claudio@
 *NOG  videos on BGPD / OpenBGPD for more details
(they are on youtube)

I hope this helps

Bonne chance :)



On Mon, 22 Apr 2019 at 11:17, Mik J <mikyde...@yahoo.fr> wrote:
>
> Hello,
>
> I'm trying to set up openbgpd.
>
> On site 2, I'm peering with us.bgp-spamd.net and eu.bgp-spamd.net successfully.
> The problem is that these routes are not in the bgp table on site 3. The BGP 
> peerings are up.
> From site 3 I can ping 192.0.2.2/site 2. I successfully receive prefixes 
> announced on site 2.
> I used next hop self on the ibgp session. Does anyone have an idea?
>
> log updates
> network 192.0.2.2/32
> network 10.1.1.0/24
> myAS="65001"
> site2="192.0.2.2"
> site3="192.0.2.3"
> spam_rs1="64.142.121.62"    # us.bgp-spamd.net
> spam_rs2="217.31.80.170"    # eu.bgp-spamd.net
> spamASN="65066"
>
> AS $myAS
> fib-update no
>
> group "spam-bgp" {
>    remote-as          $spamASN
>    multihop 64
>    announce none          # Do not send any route updates
>    neighbor $spam_rs1
>    neighbor $spam_rs2
> }
>
> group "internalnet" {
>    remote-as          $myAS
>    multihop            64
>    neighbor            $site3
>    local-address      $site2
>    set                        nexthop self
>    tcp md5sig password password1234
> }
>
>


-- 
Kindest regards,
Tom Smyth.

  
