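--- a/howto/vyos1.4.x.md
+++ b/howto/vyos1.4.x.md
@@ -354,37 +354,37 @@ set policy prefix-list6 DN42-Network-v6 rule 10 le '128'
 set policy prefix-list6 DN42-Network-v6 rule 10 prefix 'fd00::/8'
 
 
-
-
 ##Block prefixes within internal network range, then allow everything else within DN42, then block everything else.
 set policy route-map Default-Peering rule 10 action 'deny'
 set policy route-map Default-Peering rule 10 description 'Prevent IP Conflicts'
 set policy route-map Default-Peering rule 10 match ip address prefix-list 'BlockIPConflicts'
 set policy route-map Default-Peering rule 11 action 'deny'
 set policy route-map Default-Peering rule 11 description 'Prevent IP Conflicts'
-set policy route-map Default-Peering rule 11 match ip address prefix-list6 'BlockIPConflicts-v6'
+set policy route-map Default-Peering rule 11 match ipv6 address prefix-list 'BlockIPConflicts-v6'
 set policy route-map Default-Peering rule 20 action 'permit'
 set policy route-map Default-Peering rule 20 description 'Allow DN42-Network'
-set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network-Network'
+set policy route-map Default-Peering rule 20 match ip address prefix-list 'DN42-Network'
 set policy route-map Default-Peering rule 21 action 'permit'
 set policy route-map Default-Peering rule 21 description 'Allow DN42-Network'
-set policy route-map Default-Peering rule 21 match ip address prefix-list6 'DN42-Network-Network-v6'
+set policy route-map Default-Peering rule 21 match ipv6 address prefix-list 'DN42-Network-v6'
 set policy route-map Default-Peering rule 99 action 'deny'
 
 
 ##Apply the route-map on import/export
 
-set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map export 'Default-Peering'
-set protocols bgp neighbor x.x.x.x address-family ipv4-unicast route-map import 'Default-Peering'
-set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map export 'Default-Peering'
-set protocols bgp neighbor x.x.x.x address-family ipv6-unicast route-map import 'Default-Peering'
+set protocols bgp peer-group dn42 address-family ipv4-unicast route-map export 'Default-Peering'
+set protocols bgp peer-group dn42 address-family ipv4-unicast route-map import 'Default-Peering'
+set protocols bgp peer-group dn42 address-family ipv6-unicast route-map export 'Default-Peering'
+set protocols bgp peer-group dn42 address-family ipv6-unicast route-map import 'Default-Peering'
 ```
 
 
 # Add your VyOS router to the [Global Route Collector](/services/Route-Collector)!
 ```
-set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast
-set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast
+# The route collector should never export routes, so let's make a route-map to reject them if it does.
+set policy route-map Deny-All rule 1 action deny
+set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv4-unicast route-map import 'Deny-All'
+set protocols bgp neighbor fd42:4242:2601:ac12::1 address-family ipv6-unicast route-map import 'Deny-All'
 set protocols bgp neighbor fd42:4242:2601:ac12::1 description 'https://lg.collector.dn42'
 set protocols bgp neighbor fd42:4242:2601:ac12::1 ebgp-multihop '10'
 set protocols bgp neighbor fd42:4242:2601:ac12::1 remote-as '4242422602'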
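Review bot: The four `peer-group dn42` route-map lines under "##Apply the route-map on import/export" only filter neighbors that are members of that peer-group, and nothing in this hunk makes a neighbor a member. Membership may be set earlier in the file, outside the hunk, but a reader who copies only this section could end up with peers that have no `Default-Peering` filter. I would add a comment above those lines such as `##Every DN42 peer must be in the peer-group: set protocols bgp neighbor x.x.x.x peer-group 'dn42'`. As a smaller style point, the new `Deny-All` rule leaves its action unquoted and has no description, unlike the `Default-Peering` rules; `set policy route-map Deny-All rule 1 action 'deny'` plus a `description` line would match them.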