simple filters question

Sergey Popovich popovich_sergei at mail.ru
Fri Nov 8 09:58:06 CET 2013


В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал:
> Hi,
> 
> We're about to migrate our exchange to a /23 and we're likely going to do
> it over time. I have a simple filter in place to check and make sure that
> the NEXT_HOP is within our exchange's subnet. Originally it looked like
> this:
> 
> function check_ixp_next_hop(ip nexthop)
> prefix ixpnet;
> {
>   ixpnet = x.x.x.x/24;
>   if ! (nexthop ~ ixpnet) then return false;
>   return true;
> }
> 
> 
> And then within the inbound filter for each peer's ASN:
> 
> if ! (check_ixp_next_hop(bgp_next_hop)) then reject;
> 
> 
> Since we're going to be caring about two distinct prefixes while we perform
> the migration, I changed the filter to look like this:
> 
> function check_ixp_next_hop(ip nexthop)
> prefix set ixpnet;
> {
>   ixpnet = [ x.x.x.x/24, y.y.y.y/23 ];

Also, pay attention, you should use something like

    ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ];

To match subnets.

>   if ! (nexthop ~ ixpnet) then return false;
>   return true;
> }
> 

Even simpler:
-------------

function check_ixp_next_hop(ip nexthop)
{
  return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ];
}

-- 
SP5474-RIPE
Sergey Popovich




More information about the Bird-users mailing list