Community for small IX - problem with 4B ASN
Chris Caputo
ccaputo at alt.net
Mon Jan 22 14:51:12 CET 2018
I see AS205082 is yours. You'll need a 16-bit ASN in order to use the
communities described below.
Chris
On Mon, 22 Jan 2018, Chris Caputo wrote:
> What is myas set to?
>
> Chris
>
> On Mon, 22 Jan 2018, Piotr Marciniak wrote:
> > Hello Chris,
> >
> > Thank you for your config. Looks much better. Still I have know error...
> >
> > bird> conf check
> > Reading configuration from /etc/bird/bird.conf
> > /etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535)
> >
> > ...but not in main section of filter. It is only here now:
> >
> > #Remove IXP related communities
> > #(...)
> > bgp_community.delete([(myas,*)]);
> >
> > Only this one line. Once commented - no errors in filter reported. Is there
> > any fix for it?
> >
> > Rgrds,
> >
> > Peter
> >
> > -----Oryginalna wiadomość----- From: Chris Caputo
> > Sent: Monday, January 22, 2018 2:25 PM
> > To: Piotr Marciniak
> > Cc: bird-users at network.cz
> > Subject: Re: Community for small IX - problem with 4B ASN
> >
> > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work
> > > with other rouers?
> > > 2. Can we use instead private ASn just for community filters? Are they
> > > processed corretly by other Internet routers of our peers?
> >
> > 1. Yes.
> >
> > 2. I don't recommend it.
> >
> > To see the communities supported by the SIX route servers, refer to:
> >
> > https://www.seattleix.net/route-servers#communities
> >
> > Below is how we do it with bird 1.6.3. Not sure about 2.0+.
> >
> > I hope this helps and feedback from the community is welcome.
> >
> > Chris
> >
> > ---
> >
> > define myas = SET TO IXP ASN;
> > define peerPrepend1 = 65001;
> > define peerPrepend2 = 65002;
> > define peerPrepend3 = 65003;
> >
> > # BGP output filter (based on communities)
> > # Returning false means don't propagate route to peeras.
> > # Returning true means do propagate route to peeras.
> > function bgp_out_comm(int peeras)
> > {
> > if ! (source = RTS_BGP ) then return false;
> >
> > if (myas,0,peeras) ~ bgp_large_community then return false;
> > if (myas,1,peeras) ~ bgp_large_community then return true;
> > if (myas,0,0) ~ bgp_large_community then return false;
> >
> > if peeras > 65535 then
> > {
> > if (ro,0,peeras) ~ bgp_ext_community then return false;
> > if (ro,myas,peeras) ~ bgp_ext_community then return true;
> > if ((ro,0,myas) ~ bgp_ext_community) then return false;
> > } else {
> > if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community)
> > then return false;
> > if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~
> > bgp_ext_community) then return true;
> > if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then
> > return false;
> > }
> > return true;
> > }
> >
> > function bgp_out(int peeras)
> > {
> > if !bgp_out_comm(peeras) then return false;
> >
> > # Prepends
> > if peeras > 65535 then
> > {
> > if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) ||
> > ((myas,peerPrepend1,peeras) ~ bgp_large_community) then {
> > bgp_path.prepend(bgp_path.first);
> > }
> > if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) ||
> > ((myas,peerPrepend2,peeras) ~ bgp_large_community) then {
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > }
> > if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) ||
> > ((myas,peerPrepend3,peeras) ~ bgp_large_community) then {
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > }
> > } else {
> > if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras)
> > ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community)
> > then {
> > bgp_path.prepend(bgp_path.first);
> > }
> > if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras)
> > ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community)
> > then {
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > }
> > if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras)
> > ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community)
> > then {
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > bgp_path.prepend(bgp_path.first);
> > }
> > }
> >
> > # Remove IXP related communities
> > bgp_community.delete([(0,*)]);
> > bgp_community.delete([(myas,*)]);
> > bgp_community.delete([(peerPrepend1,*)]);
> > bgp_community.delete([(peerPrepend2,*)]);
> > bgp_community.delete([(peerPrepend3,*)]);
> > bgp_ext_community.delete([(ro,0,*)]);
> > bgp_ext_community.delete([(ro,myas,*)]);
> > bgp_ext_community.delete([(ro,peerPrepend1,*)]);
> > bgp_ext_community.delete([(ro,peerPrepend2,*)]);
> > bgp_ext_community.delete([(ro,peerPrepend2,*)]);
> > bgp_large_community.delete([(myas,*,*)]);
> >
> > return true;
> > }
> >
> > On Mon, 22 Jan 2018, Piotr Marciniak wrote:
> > > Dear Advisors ;],
> > >
> > > Thank you for all posts. But still I do not know how to make Bird working
> > > with
> > > 4B communities and if I may do this - whether it will be accepted for our
> > > peers? In short - I do not know how to adapt to 4B communities following
> > > examples:
> > >
> > > https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_multiple_RIBs
> > > https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_single_RIB
> > >
> > > Is there any way to enable 4B communities in bird.conf?
> > >
> > > I do not have any problem with 4B ASn. I set bgp peering sessions from Bird
> > > with 4B ASn. Even our IX has AS205082.
> > >
> > > This is why I put 2 questions:
> > >
> > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work
> > > with other rouers?
> > > 2. Can we use instead private ASn just for community filters? Are they
> > > processed corretly by other Internet routers of our peers?
> > >
> > > Please - do not explain me theoretical difference between 16 and 32 bits.
> > > Question is simple - can I use 4B communities for filters? If not - what
> > > 16bit
> > > "fake ASn" I can use instead safely?
> > >
> > > Best wishes,
> > >
> > > Piotr Marciniak
> > >
> > >
> > > -----Oryginalna wiadomość----- From: Paweł Nastachowski
> > > Sent: Monday, January 22, 2018 1:12 PM
> > > To: Piotr Marciniak
> > > Cc: bird-users at network.cz
> > > Subject: Re: Community for small IX - problem with 4B ASN
> > >
> > > Hi Piotr,
> > >
> > > I should use extended community for 4B ASN, because normal community is too
> > > small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
> > >
> > > Regards,
> > > Pawel
> > >
> > > -----Wiadomość oryginalna-----
> > > Od: Bird-users <bird-users-bounces at network.cz> w imieniu użytkownika Piotr
> > > Marciniak <zboj at mnc.pl>
> > > Data: poniedziałek, 22 stycznia 2018 11:15
> > > Do: "bird-users at network.cz" <bird-users at network.cz>
> > > Temat: Community for small IX - problem with 4B ASN
> > >
> > > Hello,
> > >
> > > I've spent a while on below docs and faced a problem with 4B ASN we use.
> > > Bird reports an error 'when 'myas' is 4B => so above 65535.
> > > See some testing example below:
> > >
> > > bird> configure
> > > Reading configuration from /etc/bird/bird.conf
> > > /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
> > >
> > > The only way this config reports no error is to set here private ASn -
> > > fe.
> > > 65250. But it will never match our real ASn.
> > >
> > > Two questions:
> > >
> > > 1. Is it possible to enable 4B ASn for communities in Bird? Will it work
> > > with other rouers?
> > > 2. Can we use instead private ASn just for community filters? Are they
> > > processed corretly by other Internet routers of our peers?
> > >
> > > Or maybe there is another work around?
> > >
> > > Best wishes,
> > >
> > > Peter
> > >
> > >
> > > -----Oryginalna wiadomość-----
> > > From: Piotr Marciniak
> > > Sent: Friday, December 29, 2017 5:01 PM
> > > To: Ondrej Zajicek
> > > Cc: bird-users at network.cz
> > > Subject: Re: Community for small IX
> > >
> > >
> > > There are some examples in BIRD wiki, mainly:
> > >
> > >
> > > https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fmultiple-5FRIBs&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=2UgZOD_Fkqt6ZgVqlXm_vXRiY1LP_MTlkWo-TGVqAtE&e=
> > >
> > > https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fsingle-5FRIB&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=KjVYea-iJRNl8BxFQFgkEeHLWFK8qwenAm_GRJDH4Q4&e=
> > >
> > > --
> > > Elen sila lumenn' omentielvo
> > >
> > > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> > > "To err is human -- to blame it on a computer is even more so."
> > >
> > >
> > >
> > > This email is from Equinix (EMEA) B.V. or one of its associated companies in
> > > the territory from where this email has been sent. This email, and any files
> > > transmitted with it, contains information which is confidential, is solely
> > > for
> > > the use of the intended recipient and may be legally privileged. If you have
> > > received this email in error, please notify the sender and delete this email
> > > immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA
> > > Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
> >
> >
More information about the Bird-users
mailing list