Hi Misc, I am trying to make OpenBGPD work as a route-server for a little hobby project I am working on.
As it's very hard to find configuration examples for this usage on the web I have to turn here.

What I am trying to achieve:
- A route-server acting as a transparent route distributor.
- Control by neighbours who their prefixes are announced to, based on communities.

Making OpenBGPD work as a transparent AS was the easy part. However I'm stuck in the communities control part.

How it is supposed to work, my route-server has AS1234 in my test environment. If a neighbour announces:

1. { community 1234:1234 } -- Their prefixes will be announced to EVERY other neighbour.
2. { community 1234:<AS> } -- Their prefixes will ONLY be announced to <AS>, i.e. 1234:8943 will only send the prefixes to AS8943.
3. { community 1234:1234 1234:<AS> } -- Their prefixes will be announced to every other neighbour EXCEPT <AS>.

I have been able to achieve the first 2 ways the prefix control should work, but I can't manage to get the 3rd to work. Before moving to OpenBGPD I managed to produce the way I want it to work in Quagga but I simply do not want to use that.

Would anyone have an idea on how to make OpenBGPD not announce prefixes to specific neighbours if they appear in the 1234:1234 1234:<AS> list?

My configuration:
--
AS 1234
router-id 10.0.0.60
fib-update no
log updates
listen on 10.0.0.60
nexthop qualify via bgp
transparent-as yes

group "peers-rs-v4" {
	announce IPv4 unicast
	softreconfig in yes
	enforce neighbor-as yes

	neighbor 10.0.0.61 {
		descr "juniperm5"
		remote-as 65501
		announce all
		passive
	}
	neighbor 10.0.0.64 {
		descr "foundryxmr"
		remote-as 65502
		announce all
		passive
	}
	neighbor 10.0.0.63 {
		descr "cisco7200"
		remote-as 65503
		announce all
		passive
	}
}

deny from any
deny from any prefix 0.0.0.0/0
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix { 192.168.0.0/16 169.254.0.0/16 } prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen <= 32

deny from any community *:*
deny to any community *:*

# Community 1234:65502 goes to AS65502
allow from any community 1234:65502
allow to 10.0.0.64 community 1234:65502

# Community 1234:1234 goes to everyone
allow from any community 1234:1234
allow to any community 1234:1234
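
Added example, not part of the original post and not OpenBGPD code: a small Python reference model of the three community rules above, usable as an oracle when checking which peers a test route should reach. The function names are hypothetical, the peer ASNs are the ones from the posted configuration, and treating a route with no 1234:* community as "export to nobody" is an assumption taken from the posted default-deny rules.

```python
RS_AS = 1234  # route-server AS from the post's test environment


def parse_communities(text, limit=0xFFFF):
    """Parse space-separated 'high:low' standard communities into a set of int pairs."""
    found = set()
    for token in text.split():
        high, sep, low = token.partition(":")
        if not sep or not (high.isdigit() and low.isdigit()):
            raise ValueError(f"malformed community: {token!r}")
        pair = (int(high), int(low))
        if max(pair) > limit:
            raise ValueError(f"community half exceeds 16 bits: {token!r}")
        found.add(pair)
    return found


def export_targets(communities, source_as, peers, rs_as=RS_AS):
    """Return the set of peer ASNs that should receive a route.

    communities: set of (high, low) pairs carried by the route
    source_as:   ASN of the neighbour that announced it
    peers:       ASNs of all route-server neighbours
    """
    # Only communities whose high half is the route-server AS are control tags.
    control = {low for high, low in communities if high == rs_as}
    named = control - {rs_as}           # the 1234:<AS> tags
    others = set(peers) - {source_as}   # never send a route back to its announcer

    if rs_as in control:
        # Rule 1 (no named ASes) and rule 3 (named ASes are exclusions).
        return others - named
    # Rule 2: only the named ASes; with no control tag at all this is empty.
    return others & named


if __name__ == "__main__":
    # Constructed sample: the three neighbours from the posted config.
    peers = {65501, 65502, 65503}
    for tags in ("1234:1234", "1234:65502", "1234:1234 1234:65502", ""):
        targets = export_targets(parse_communities(tags), 65501, peers)
        print(f"{tags or '(none)':<24} -> {sorted(targets)}")
```

The model makes the difficulty with rule 3 visible: the meaning of 1234:<AS> flips depending on whether 1234:1234 is also present, so the decision needs both communities evaluated together.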