CVSROOT:        /cvs
Module name:    src
Changes by:     clau...@cvs.openbsd.org 2018/06/13 03:33:51

Modified files:
        usr.sbin/bgpd  : bgpd.8 bgpd.conf.5 bgpd.h parse.y printconf.c 
                         rde.c rde_filter.c rde_update.c 

Log message:
Deprecate announce (all|self|none|default-route)
The announce keyword was overloaded and confused a lot of operators; time
to clean it up and, while there, incorporate the RFC8212 guideline for propagation.
- `announce all` is the new default but the default deny filter will
make sure that by default nothing is leaked
- `announce self` is no more and results in a syntax error
- `announce none` is now `export none`
- `announce default-route` becomes `export default-route`
- the filters are switched to a default deny rule both incoming and outgoing

You most certainly need to adjust your config!

Best is to change the config in advance by using `announce all` explicitly on
all neighbors and adding `deny from any` and `deny to any` at the start of
your filters and adjust the rest of the filters to still produce the same
result.  `bgpd -nv -f bgpd.conf` and `bgpctl show rib out nei foo` are good
tools to verify the changes.
Lots of discussions with job@, deraadt@, sthen@
OK job@
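
A pre-upgrade check for the keyword changes listed in the log message, as an added example that is not part of the commit or the OpenBSD tree: it flags each `announce (all|self|none|default-route)` line with the replacement named above and reports whether `deny from any` and `deny to any` come before every other filter rule. The function name `audit` and the sample configuration are assumptions made for illustration.

```python
import re

# Keyword mapping taken from the commit message above.
ADVICE = {
    "all": "ok: new default, may be stated explicitly",
    "self": "removed: syntax error after the change, use filter rules",
    "none": "rename to 'export none'",
    "default-route": "rename to 'export default-route'",
}
ANNOUNCE = re.compile(r"\bannounce\s+(all|self|none|default-route)(?![\w-])")
FILTER = re.compile(r"(allow|deny|match)\b")
DEFAULT_DENY = ("deny from any", "deny to any")

def audit(conf_text):
    """Return (findings, missing_default_deny) for a bgpd.conf string."""
    findings, leading, at_start = [], [], True
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # Simplification: '#' starts a comment everywhere, even in quotes.
        line = " ".join(raw.split("#", 1)[0].split())
        m = ANNOUNCE.search(line)
        if m:
            findings.append((lineno, m.group(1), ADVICE[m.group(1)]))
        elif FILTER.match(line):
            # Only deny rules placed before every other filter rule count.
            if at_start and line in DEFAULT_DENY:
                leading.append(line)
            else:
                at_start = False
    return findings, [r for r in DEFAULT_DENY if r not in leading]

# Constructed sample config (addresses and AS numbers are documentation values).
SAMPLE = """\
AS 64496
neighbor 192.0.2.1 {
    remote-as 64497
    announce self   # old keyword
}
neighbor 192.0.2.2 {
    remote-as 64498
    announce default-route
}
deny from any
allow from any
"""

if __name__ == "__main__":
    findings, missing = audit(SAMPLE)
    for lineno, keyword, advice in findings:
        print(f"line {lineno}: announce {keyword}: {advice}")
    for rule in missing:
        print(f"missing leading filter rule: {rule}")
```

This only inspects the text of the file; the resulting policy still needs to be confirmed with the `bgpd -nv` and `bgpctl show rib out` checks the log message recommends.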
