From 19ab3726085094664556173cc60814f53652f261 Mon Sep 17 00:00:00 2001
From: graffen
Date: Wed, 14 Nov 2018 15:17:03 +0000
Subject: [PATCH] Beginning of iBGP filtering rules
---
 bgp4.conf | 2 +-
 bgp6.conf | 11 ++++++++---
 community_filters.conf | 19 ++++++++++++++++---
 3 files changed, 25 insertions(+), 7 deletions(-)
diff --git a/bgp4.conf b/bgp4.conf
index 2292c84..f7caee9 100644
--- a/bgp4.conf
+++ b/bgp4.conf
@@ -19,7 +19,7 @@ template bgp ibgppeer {
 igp table T_OSPF;
 path metric on;
 import keep filtered;
- import all;
+ import where iBGP_import_peer_policy();
 export filter {
 if is_self_net() then {
 reject;
diff --git a/bgp6.conf b/bgp6.conf
index b9fc502..a1cd6f3 100644
--- a/bgp6.conf
+++ b/bgp6.conf
@@ -19,10 +19,15 @@ template bgp ibgppeer {
 igp table T_OSPF;
 path metric on;
 import keep filtered;
-# import where iBGP_import_peer_policy();
+ import where iBGP_import_peer_policy();
 # export where iBGP_export_peer_policy();
- import all;
- export all;
+ export filter {
+ if is_self_net() then {
+ reject;
+ }
+ accept;
+ };
+ source address OWNIP;
 next hop self;
 }
diff --git a/community_filters.conf b/community_filters.conf
index 39bf7f3..565ada4 100644
--- a/community_filters.conf
+++ b/community_filters.conf
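Review bot: In bgp6.conf the ibgppeer template now depends on `is_self_net()` in both directions, through the new inline export filter and through `iBGP_import_peer_policy()` on import, and nothing in this patch shows that helper being defined for IPv6 prefixes. If the definition loaded with bgp6.conf only matches the IPv4 own-net range, both checks would pass every route on v6 sessions without any error, so it is worth confirming which definition is in scope there. The inline export block also duplicates the one visible as context in bgp4.conf, while the commented-out `# export where iBGP_export_peer_policy();` line stays behind; defining that function next to the import policy would keep the two templates in sync. The template's opening lines are outside the hunk.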
@@ -44,9 +44,9 @@ int dn42_crypto;
 # replace 4 with your calculated bandwidth value
 if dn42_bandwidth > 4 then dn42_bandwidth = 4;
- bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-200*bgp_path.len+100*dn42_crypto; #(as suggested by tombii)
- bgp_local_pref = 1000*dn42_bandwidth - 10*dn42_latency; if dn42_crypto < 2 then bgp_local_pref = 0; #(as suggested by Jplitza)
- bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-400*(bgp_path.len-1)+100*dn42_crypto; #(as suggested by Mic92 - prefer direct tunnel)
+# bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-200*bgp_path.len+100*dn42_crypto; #(as suggested by tombii)
+# bgp_local_pref = 1000*dn42_bandwidth - 10*dn42_latency; if dn42_crypto < 2 then bgp_local_pref = 0; #(as suggested by Jplitza)
+# bgp_local_pref = 10000+100*dn42_bandwidth + 50*(10-dn42_latency)-400*(bgp_path.len-1)+100*dn42_crypto; #(as suggested by Mic92 - prefer direct tunnel)
 return true;
 }
@@ -75,3 +75,16 @@ function dn42_export_filter(int link_latency; int link_bandwith; int link_crypto
 }
 reject;
 }
+
+# iBGP Peer Policies
+function iBGP_import_peer_policy() {
+
+ if bgp_path.len > 64 then return false; # Reject too long BGP Paths
+ if is_self_net() then return false; # Reject local used networks (IXP, Peerings) from iBGP Peers
+ if ( bgp_local_pref > 1000 ) then { # Reset local pref on iBGP Links, to do AS Path Metric only
+ bgp_local_pref = 100;
+ }
+
+ return true; # Allow all on iBGP Links
+};
+
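Review bot: After the first community_filters.conf hunk no live statement in the visible lines assigns `bgp_local_pref`, yet the clamp on `dn42_bandwidth` just above is kept, so the reason for disabling all three formulas is not recorded anywhere. If the intent is to leave local preference at its default and select on AS path length, a comment above the disabled lines would say so, for example `# local pref intentionally not set here; route selection falls back to AS path length`. Deleting the three alternatives instead of keeping them commented out would also avoid one being re-enabled by accident. The enclosing function begins before the hunk, so other uses of these variables may exist outside the visible lines.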
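Review bot: The local-pref reset in `iBGP_import_peer_policy()` only fires above 1000, so a route arriving over iBGP with any value from 0 to 1000 keeps it, which does not match the comment's stated goal of selecting on AS path only. One of the formulas disabled earlier in this same file (`1000*dn42_bandwidth - 10*dn42_latency`, forced to 0 when `dn42_crypto < 2`) can produce values at or below that threshold, so internal routers still running it would keep influencing selection. An unconditional `bgp_local_pref = 100;` in place of the `if ( bgp_local_pref > 1000 )` block would normalise every iBGP route. Separately, the final `return true` accepts any prefix from an iBGP peer, so a misconfigured internal router is constrained only by the path-length and own-net tests; reusing the prefix validity check applied on eBGP import, if this config has one, would add defence in depth.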