# $OpenBSD: bgpd.conf,v 1.4 2004/05/05 15:25:04 henning Exp $ # sample bgpd configuration file # see bgpd.conf(5) #macros peer1="10.0.0.2" peer2="10.0.0.3" # global configuration AS 65001 router-id 10.0.0.1 holdtime 180 holdtime min 3 listen on 127.0.0.1 fib-update no # log updates # network 10.0.1.0/24 # neighbors and peers group "peering AS65002" { remote-as 65002 neighbor $peer1 { descr "AS 65001 peer 1" announce self tcp md5sig password mekmitasdigoat } neighbor $peer2 { descr "AS 65001 peer 2" announce all } } neighbor 10.0.1.0 { remote-as 65003 descr upstream multihop 2 local-address 10.0.0.8 passive holdtime 180 holdtime min 3 announce none tcp md5sig key deadbeef } # filter out prefixes longer than 24 or shorter than 8 bits deny from any allow from any prefixlen 8 - 24 # do not accept a default route deny from any prefix 0.0.0.0/0 # filter bogus networks deny from any prefix 10.0.0.0/8 prefixlen >= 8 deny from any prefix 172.16.0.0/12 prefixlen >= 12 deny from any prefix 192.168.0.0/16 prefixlen >= 16 deny from any prefix 169.254.0.0/16 prefixlen >= 16 deny from any prefix 192.0.2.0/24 prefixlen >= 24 deny from any prefix 224.0.0.0/4 prefixlen >= 4 deny from any prefix 240.0.0.0/4 prefixlen >= 4