Return to bgpd.conf CVS log

Up to [local] / src / etc

Annotation of src/etc/bgpd.conf, Revision 1.5

1.5     ! henning     1: # $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $
1.1       henning     2: # sample bgpd configuration file
                      3: # see bgpd.conf(5)
                      4:
                      5: #macros
1.5     ! henning     6: peer1="10.1.0.2"
        !             7: peer2="10.1.0.3"
1.1       henning     8:
                      9: # global configuration
                     10: AS 65001
1.2       henning    11: router-id 10.0.0.1
1.1       henning    12: holdtime 180
                     13: holdtime min 3
                     14: listen on 127.0.0.1
1.5     ! henning    15: listen on ::1
1.3       henning    16: fib-update no
1.5     ! henning    17: # route-collector yes
1.2       henning    18: # log updates
1.3       henning    19: # network 10.0.1.0/24
1.1       henning    20:
                     21: # neighbors and peers
                     22: group "peering AS65002" {
                     23:        remote-as 65002
                     24:        neighbor $peer1 {
                     25:                descr   "AS 65001 peer 1"
1.3       henning    26:                announce self
                     27:                tcp md5sig password mekmitasdigoat
1.1       henning    28:        }
                     29:        neighbor $peer2 {
1.5     ! henning    30:                descr "AS 65001 peer 2"
1.3       henning    31:                announce all
1.5     ! henning    32:                local-address 10.0.0.8
        !            33:                ipsec esp ike
1.1       henning    34:        }
                     35: }
                     36:
1.5     ! henning    37: group "peering AS65042" {
        !            38:        descr "peering AS 65042"
        !            39:        local-address 10.0.0.8
        !            40:        ipsec ah ike
        !            41:        neighbor 10.2.0.1
        !            42:        neighbor 10.2.0.2
        !            43: }
        !            44:
1.1       henning    45: neighbor 10.0.1.0 {
                     46:        remote-as       65003
                     47:        descr           upstream
                     48:        multihop        2
1.2       henning    49:        local-address   10.0.0.8
                     50:        passive
1.3       henning    51:        holdtime        180
                     52:        holdtime min    3
                     53:        announce        none
                     54:        tcp md5sig key  deadbeef
1.5     ! henning    55: }
        !            56:
        !            57: neighbor 10.0.2.0 {
        !            58:        remote-as       65004
        !            59:        descr           upstream2
        !            60:        local-address   10.0.0.8
        !            61:        ipsec ah ike
        !            62: }
        !            63:
        !            64: neighbor 10.0.0.0/24 {
        !            65:        descr           "template for local peers"
1.1       henning    66: }
                     67:
1.4       henning    68: # filter out prefixes longer than 24 or shorter than 8 bits
                     69: deny from any
                     70: allow from any prefixlen 8 - 24
                     71:
                     72: # do not accept a default route
                     73: deny from any prefix 0.0.0.0/0
                     74:
                     75: # filter bogus networks
                     76: deny from any prefix 10.0.0.0/8 prefixlen >= 8
                     77: deny from any prefix 172.16.0.0/12 prefixlen >= 12
                     78: deny from any prefix 192.168.0.0/16 prefixlen >= 16
                     79: deny from any prefix 169.254.0.0/16 prefixlen >= 16
                     80: deny from any prefix 192.0.2.0/24 prefixlen >= 24
                     81: deny from any prefix 224.0.0.0/4 prefixlen >= 4
                     82: deny from any prefix 240.0.0.0/4 prefixlen >= 4