Annotation of src/etc/bgpd.conf, Revision 1.5
1.5 ! henning 1: # $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $
1.1 henning 2: # sample bgpd configuration file
3: # see bgpd.conf(5)
4:
5: #macros
1.5 ! henning 6: peer1="10.1.0.2"
! 7: peer2="10.1.0.3"
1.1 henning 8:
9: # global configuration
10: AS 65001
1.2 henning 11: router-id 10.0.0.1
1.1 henning 12: holdtime 180
13: holdtime min 3
14: listen on 127.0.0.1
1.5 ! henning 15: listen on ::1
1.3 henning 16: fib-update no
1.5 ! henning 17: # route-collector yes
1.2 henning 18: # log updates
1.3 henning 19: # network 10.0.1.0/24
1.1 henning 20:
21: # neighbors and peers
22: group "peering AS65002" {
23: remote-as 65002
24: neighbor $peer1 {
25: descr "AS 65001 peer 1"
1.3 henning 26: announce self
27: tcp md5sig password mekmitasdigoat
1.1 henning 28: }
29: neighbor $peer2 {
1.5 ! henning 30: descr "AS 65001 peer 2"
1.3 henning 31: announce all
1.5 ! henning 32: local-address 10.0.0.8
! 33: ipsec esp ike
1.1 henning 34: }
35: }
36:
1.5 ! henning 37: group "peering AS65042" {
! 38: descr "peering AS 65042"
! 39: local-address 10.0.0.8
! 40: ipsec ah ike
! 41: neighbor 10.2.0.1
! 42: neighbor 10.2.0.2
! 43: }
! 44:
1.1 henning 45: neighbor 10.0.1.0 {
46: remote-as 65003
47: descr upstream
48: multihop 2
1.2 henning 49: local-address 10.0.0.8
50: passive
1.3 henning 51: holdtime 180
52: holdtime min 3
53: announce none
54: tcp md5sig key deadbeef
1.5 ! henning 55: }
! 56:
! 57: neighbor 10.0.2.0 {
! 58: remote-as 65004
! 59: descr upstream2
! 60: local-address 10.0.0.8
! 61: ipsec ah ike
! 62: }
! 63:
! 64: neighbor 10.0.0.0/24 {
! 65: descr "template for local peers"
1.1 henning 66: }
67:
1.4 henning 68: # filter out prefixes longer than 24 or shorter than 8 bits
69: deny from any
70: allow from any prefixlen 8 - 24
71:
72: # do not accept a default route
73: deny from any prefix 0.0.0.0/0
74:
75: # filter bogus networks
76: deny from any prefix 10.0.0.0/8 prefixlen >= 8
77: deny from any prefix 172.16.0.0/12 prefixlen >= 12
78: deny from any prefix 192.168.0.0/16 prefixlen >= 16
79: deny from any prefix 169.254.0.0/16 prefixlen >= 16
80: deny from any prefix 192.0.2.0/24 prefixlen >= 24
81: deny from any prefix 224.0.0.0/4 prefixlen >= 4
82: deny from any prefix 240.0.0.0/4 prefixlen >= 4