filter all prefixes except a few with 'case' control

Войнович Андрей Александрович andreyv at skbkontur.ru
Thu Sep 29 09:01:00 CEST 2016


Construction with single IP addresses passes syntax check, but filter does not work as expected - it passes all routes and does not filter anything. I have ugly workaround which works:
filter permit_white {
        if net = 1.1.1.1/32 then {
                accept;
        }
                if net = 2.2.2.2/32 then {
                accept;
        }
        else {
                reject;
        }
}

There are no examples on the internet with 'case' statement, seems the feature is rarely used and even implemented with some mistakes, isn't it?

ROA table would be helpful, but if I understood this feature correctly, it is used for BGP, but in my case I use OSPF only.

------------------------------------------
Служба поддержки серверов
Группа сетевого администрирования
ДПП.УТП.СПС
ЗАО ПФ <СКБ-Контур>,
Тел. +7 (343) 344-11-50 доб. 75352
e-mail: dc-noc at skbkontur.ru<mailto:dc-noc at skbkontur.ru>
https://www.kontur.ru<https://www.kontur.ru/>

From: Василий Олейников [mailto:oleynikov_v at ufanet.ru]
Sent: Thursday, September 29, 2016 11:45 AM
To: Войнович Андрей Александрович <andreyv at skbkontur.ru>
Cc: bird-users at network.cz
Subject: Re: filter all prefixes except a few with 'case' control


It seems, that case doesn't work with prefix, only with single ip



As I see, this construct:



     case net {

         1.1.1.1:accept;

         2.2.2.2:accept;

         else: reject;

     }



works fine.



Maybe, ROA table can help you to simplify config?




Hi all!



I try to implement simple filter which rejects all prefixes except a few with 'case' control this way:



filter permit_white {

        case net {

                1.1.1.1/32: accept;

                2.2.2.2/32: accept;

                else: reject;

        }

}



But syntax check fails on line '1.1.1.1/32: accept;'. I read everything on Internet what was found, but cannot understand what is wrong.



------------------------------------------

Служба поддержки серверов

Группа сетевого администрирования

ДПП.УТП.СПС

ЗАО ПФ <СКБ-Контур>,

Тел. +7 (343) 344-11-50 доб. 75352

e-mail: dc-noc at skbkontur.ru<mailto:dc-noc at skbkontur.ru>

https://www.kontur.ru<https://www.kontur.ru/>










--

С уважением,

Василий Олейников

Системный администратор

Отдел эксплуатации и развития магистральной сети

Служба СПО ОАО "Уфанет"

тел. +7 (347) 2-900-402 вн.3314

моб. +7 937 333 45 56
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20160929/d6e4ee04/attachment.html>


More information about the Bird-users mailing list