BGP upstream and downstream filters

Hello, I recently joined the VyOS community as a user but also as a donor.
My goal is to create a complete VyOS backbone to replace old Juniper MX5 limited to 1G. I currently have the latest LTS, but I’m struggling with BGP filtering. Can you help me?
I need to be able to export my prefix “45.154.X.X/22” and import everything except RFC 1918.
I would also like to know how to export a default route in BGP.
Thank you in advance.
Here’s a capture of what I’ve already done, but I think I’m having trouble with my configuration.
Can someone also explain to me how to make communities for importing and exporting prefixes?


Hi,

Your prefix-list and route-map look good. Now you have to use them.

set protocols bgp <AS> neighbor <neighbor> address-family ipv4-unicast route-map export iBGP4-OUT
set protocols bgp <AS> neighbor <neighbor> address-family ipv4-unicast route-map import eBGP4-IN

Default route:

set protocols bgp <AS> neighbor <neighbor> address-family ipv4-unicast default-originate

Hi, thank you for your reply.
Can you tell me what default action we need to set? Discard 0.0.0.0/0 and afterwards allow my subnets, for OUT?
On other routers like Mikrotik the first rule is a deny for any.

Only 2 prefixes will be allowed from your route-map OUT.
So you don’t need any additional rules.

And for the default route, what filter do I need to export 0.0.0.0/0 to my downstream?

Policy to Export only default route

set policy prefix-list default rule 10 action 'permit'
set policy prefix-list default rule 10 prefix '0.0.0.0/0'

set policy route-map OUT rule 10 action 'permit'
set policy route-map OUT rule 10 match ip address prefix-list 'default'

Is it possible to create a community to apply my filter in “IN” & “OUT” to a peer just with a community tag?

You can mark the routes with a community.
For example:

set policy community-list IN rule 10 action 'permit'
set policy community-list IN rule 10 regex '65001:111'
set policy community-list OUT rule 10 action 'permit'
set policy community-list OUT rule 10 regex '65001:222'
set policy route-map RMAP-IN rule 10 action 'permit'
set policy route-map RMAP-IN rule 10 set community '65001:111'
set policy route-map RMAP-OUT rule 10 action 'permit'
set policy route-map RMAP-OUT rule 10 set community '65001:222'
set protocols bgp 65001 neighbor 10.0.0.2 address-family ipv4-unicast route-map export 'RMAP-OUT'
set protocols bgp 65001 neighbor 10.0.0.2 address-family ipv4-unicast route-map import 'RMAP-IN'

I have a hard time seeing how the BGP community knows that it has to drop, for example, the RFC 1918 private networks in IN. Does it have to make a link between the prefix-list and the communities?
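
Added example, not part of the thread and not VyOS code: a small Python model of how a route-map is evaluated, showing that the prefix-list does the RFC 1918 dropping on import, that the community is only a tag set on what survives, and that a route matching no rule is denied. The community 65001:111 comes from the thread; the rule layout, the `le 32` style match and the sample prefixes are assumptions constructed for the illustration.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(p)
           for p in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def in_rfc1918(prefix):
    """Prefix-list style match with 'le 32': the block itself or any more-specific."""
    net = ipaddress.ip_network(prefix)
    return any(net.subnet_of(block) for block in RFC1918)

def has_community(value):
    """Community-list style match: true when the route carries the tag."""
    return lambda route: value in route["communities"]

def apply_route_map(rules, route):
    """Rules are (action, match, set_community); the first matching rule wins."""
    for action, match, community in rules:
        if not match(route):
            continue
        if action == "deny":
            return None
        # Modelled as 'set community' without 'additive': the tag replaces the set.
        communities = {community} if community else set(route["communities"])
        return {"prefix": route["prefix"], "communities": communities}
    return None  # implicit deny: no rule matched

# Import: rule 10 drops RFC 1918 via the prefix-list, rule 20 tags everything else.
IMPORT_MAP = [
    ("deny", lambda r: in_rfc1918(r["prefix"]), None),
    ("permit", lambda r: True, "65001:111"),
]
# Export: only routes carrying the tag are announced; anything else is dropped.
EXPORT_MAP = [("permit", has_community("65001:111"), None)]

# Constructed sample announcements received from a peer.
SAMPLE = ["10.20.0.0/16", "192.168.1.0/24", "198.51.100.0/24", "0.0.0.0/0"]

def run_import(prefixes):
    """Return the routes that survive the import route-map, with their tags."""
    results = (apply_route_map(IMPORT_MAP, {"prefix": p, "communities": set()})
               for p in prefixes)
    return [r for r in results if r is not None]

if __name__ == "__main__":
    for route in run_import(SAMPLE):
        print(route["prefix"], sorted(route["communities"]))
```

The community never drops anything by itself: the deny rule matching the prefix-list removes the private ranges, and the tag is what a later route-map matches on.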
