# $OpenBSD: bgpd.conf,v 1.5 2004/05/08 18:43:06 henning Exp $ # sample bgpd configuration file # see bgpd.conf(5) #macros peer1="10.1.0.2" peer2="10.1.0.3" # global configuration AS 65001 router-id 10.0.0.1 holdtime 180 holdtime min 3 listen on 127.0.0.1 listen on ::1 fib-update no # route-collector yes # log updates # network 10.0.1.0/24 # neighbors and peers group "peering AS65002" { remote-as 65002 neighbor $peer1 { descr "AS 65001 peer 1" announce self tcp md5sig password mekmitasdigoat } neighbor $peer2 { descr "AS 65001 peer 2" announce all local-address 10.0.0.8 ipsec esp ike } } group "peering AS65042" { descr "peering AS 65042" local-address 10.0.0.8 ipsec ah ike neighbor 10.2.0.1 neighbor 10.2.0.2 } neighbor 10.0.1.0 { remote-as 65003 descr upstream multihop 2 local-address 10.0.0.8 passive holdtime 180 holdtime min 3 announce none tcp md5sig key deadbeef } neighbor 10.0.2.0 { remote-as 65004 descr upstream2 local-address 10.0.0.8 ipsec ah ike } neighbor 10.0.0.0/24 { descr "template for local peers" } # filter out prefixes longer than 24 or shorter than 8 bits deny from any allow from any prefixlen 8 - 24 # do not accept a default route deny from any prefix 0.0.0.0/0 # filter bogus networks deny from any prefix 10.0.0.0/8 prefixlen >= 8 deny from any prefix 172.16.0.0/12 prefixlen >= 12 deny from any prefix 192.168.0.0/16 prefixlen >= 16 deny from any prefix 169.254.0.0/16 prefixlen >= 16 deny from any prefix 192.0.2.0/24 prefixlen >= 24 deny from any prefix 224.0.0.0/4 prefixlen >= 4 deny from any prefix 240.0.0.0/4 prefixlen >= 4