ifname in filters

Alexander Velkov alvel85 at googlemail.com
Mon Jul 4 16:07:52 CEST 2016


Just for clarification, this is what I am trying to achieve, 'translated' for
use with quagga (ripd):

...
access-list filter1 permit 10.2.4.0/24
access-list filter1 deny 0.0.0.0/0
!
interface eth0
interface eth1
!
router rip
 network eth0
 distribute-list filter1 out eth0
 network eth1
 redistribute connected
...

On Mon, Jul 4, 2016 at 3:49 PM, Alexander Velkov <alvel85 at googlemail.com>
wrote:

> Hello,
>
> I would like to configure RIP with different ACLs set on different RIP
> interfaces. For this purpose I thought I could use the '*ifname*' route
> attribute in bird filters. The problem I am facing is that when I use it,
> no RIP routes are announced at all, so maybe I am using a wrong syntax.
>
> If I don't use the *ifname = "eth0"* I see the following sent from the
> bird's RIP instance (10.0.4.1 is configured on eth1 and 172.16.0.4 on
> eth0). I would like the 10.2.4.1/32 route to be announced through eth0
> only. I have also tried to use the *ifname ~ "eth0"* syntax with no luck.
>
>
>
>
> *tcpdump:*
> # tcpdump -i any -vvnn port 520
> tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture
> size 65535 bytes
> 13:02:58.664760 IP (tos 0xc0, ttl 1, id 27713, offset 0, flags [none],
> proto UDP (17), length 52)
>     *10.0.4.1.520* > 224.0.0.9.520: [udp sum ok]
>         RIPv2, Response, length: 24, routes: 1 or less
>           AFI IPv4,        *10.2.4.1/32*, tag 0x0000, metric: 1, next-hop: self
>         0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
>         0x0010:  0000 0000 0000 0001
> 13:03:14.686163 IP (tos 0xc0, ttl 1, id 27714, offset 0, flags [none],
> proto UDP (17), length 52)
>     *172.16.0.4.520* > 224.0.0.9.520: [udp sum ok]
>         RIPv2, Response, length: 24, routes: 1 or less
>           AFI IPv4,        *10.2.4.1/32*, tag 0x0000, metric: 1, next-hop: self
>         0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
>         0x0010:  0000 0000 0000 0001
>
> *bird config:*
>
> protocol kernel {
> #  persist;                # Don't remove routes on BIRD shutdown
>   scan time 20;           # Scan kernel routing table every 20 seconds
>   export all;             # Default is export none
>   learn;
>   device routes;
> }
>
> protocol device {
>   scan time 10;           # Scan interfaces every 10 seconds
> }
>
> protocol direct {
>   interface "*";
> }
>
> filter rip_export {
>   # redistribute connected + RIP + ACL
>   if ( ( source = RTS_DEVICE || source = RTS_RIP ) &&
>        ( net ~ 10.2.4.0/24 && *ifname = "eth0"* ) ) then {
>     print "net export accepted: ", net;
>     accept;
>   }
>
>   reject;
> }
>
> protocol rip RIP {
>   debug all;
>
>   interface "eth0" {mode multicast; split horizon yes; poison reverse no; };
>   interface "eth1" {mode multicast; split horizon yes; poison reverse no; };
>
>   import all;
>   export filter rip_export;
> }
>
> Any help would be appreciated, thank you.
>
> Alex
>
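
One way to check a capture like the one quoted above against the intended per-interface policy, added here as an example and not part of the original message: it decodes the RIPv2 Response bytes from the tcpdump hex dump and reports prefixes advertised on an interface where they are not wanted. The ALLOWED table and the function names are assumptions drawn from the stated goal (10.2.4.0/24 on eth0 only).

```python
import ipaddress
import struct

# RIP message bytes copied from the tcpdump hex dump (identical in both packets).
RIP_PAYLOAD = bytes.fromhex("0202 0000 0002 0000 0a02 0401 ffff ffff"
                            "0000 0000 0000 0001")
# Source address -> interface, as stated in the message.
IFACE_BY_SRC = {"10.0.4.1": "eth1", "172.16.0.4": "eth0"}
# Assumed policy table, drawn from the stated goal: 10.2.4.0/24 on eth0 only.
ALLOWED = {"eth0": [ipaddress.ip_network("10.2.4.0/24")], "eth1": []}
# The two captured Responses as (source address, payload) pairs.
CAPTURE = [("10.0.4.1", RIP_PAYLOAD), ("172.16.0.4", RIP_PAYLOAD)]


def parse_rip_response(payload):
    """Decode a RIPv2 Response into a list of (IPv4Network, metric)."""
    if len(payload) < 4 or (len(payload) - 4) % 20:
        raise ValueError("bad RIP message length")
    command, version, _zero = struct.unpack_from("!BBH", payload, 0)
    if command != 2 or version != 2:
        raise ValueError("not a RIPv2 Response")
    routes = []
    for off in range(4, len(payload), 20):
        afi, _tag, addr, mask, _nexthop, metric = struct.unpack_from(
            "!HHIIII", payload, off)
        if afi != 2:  # skip non-IPv4 entries such as 0xFFFF authentication
            continue
        prefix_len = bin(mask).count("1")  # assumes a contiguous netmask
        routes.append((ipaddress.ip_network((addr, prefix_len)), metric))
    return routes


def violations(packets):
    """Return (iface, prefix) for each route advertised against ALLOWED."""
    bad = []
    for src, payload in packets:
        iface = IFACE_BY_SRC[src]
        for net, metric in parse_rip_response(payload):
            if metric >= 16:  # metric 16 is RIP infinity: a withdrawal
                continue
            if not any(net.subnet_of(p) for p in ALLOWED[iface]):
                bad.append((iface, str(net)))
    return bad


if __name__ == "__main__":
    for iface, prefix in violations(CAPTURE):
        print(f"{prefix} advertised on {iface} but not allowed there")
```

Run against the capture in the message, this flags the announcement sent from 10.0.4.1 (eth1) and accepts the one sent from 172.16.0.4 (eth0).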