wiki/wiki
1
0
Fork 0
mirror of https://git.dn42.dev/wiki/wiki synced 2025-03-12 18:56:33 +00:00
Code Issues Releases Wiki Activity

Add VyOS route-map to reject any incoming routes from the GRC

Browse Source
This commit is contained in:
bri 2023-04-21 01:32:37 +01:00
parent 71746a4eb3
commit f7f198d0d4
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
services/Route-Collector.md
View File

@ -70,11 +70,14 @@ protocol bgp ROUTE_COLLECTOR
Example VyOS 1.4 "Sagitta" config Example VyOS 1.4 "Sagitta" config
``` ```
set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast # The route collector should never export routes, so let's make a route-map to reject them if it does.
set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast set policy route-map Deny-All rule 1 action deny
set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast route-map import 'Deny-All'
set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast route-map import 'Deny-All'
set protocols bgp neighbor fd42:4242:2601:ac12::1 description 'https://lg.collector.dn42' set protocols bgp neighbor fd42:4242:2601:ac12::1 description 'https://lg.collector.dn42'
set protocols bgp neighbor fd42:4242:2601:ac12::1 ebgp-multihop '10' set protocols bgp neighbor fd42:4242:2601:ac12::1 ebgp-multihop '10'
set protocols bgp neighbor fd42:4242:2601:ac12::1 remote-as '4242422602' set protocols bgp neighbor fd42:4242:2601:ac12::1 remote-as '4242422602'
``` ```