Question for proper RPKI check integration in the bird v2.0.4 with Euro-IX Informational BGP communities
Barry O'Donovan
barry.odonovan at inex.ie
Wed Sep 25 12:36:20 CEST 2019
Hi Irene,
looks like you're trying to put together a route server config?
First thing that jumps out at me is you have "roa check" but it should
be "roa_check".
We have full working sample configs that are used in our continuous
integration tests for IXP Manager - here's a v4 version which includes RPKI:
https://github.com/inex/IXP-Manager/blob/master/data/travis-ci/known-good/ci-apiv4-b2-rs1-lan1-ipv4.conf
Loads of info on this on https://docs.ixpmanager.org/ and presentations
with videos from 2019 at:
https://www.ixpmanager.org/presentations
Hope that helps,
- Barry
Irene Lalioti wrote on 25/09/2019 09:58:
> Hello all,
>
> Can you please let me know where is the syntax error in my snippet , or
> if it is wrong how else I should integrate it in a way bird doesn't
> complain? Thanks in advance!
>
> #RPKI Check
>
> filter bgp_in_AS1234
> prefix set allnet;
> {
> include "/etc/bird/prefix-lists/AS2589-v4";
> if (is_martian4()) then reject;
> if ! (net ~ allnet) then reject;
> rpki_result = roa check(r4, net, bgp_path.last_nonaggregated );
> if ( rpki_result = ROA_INVALID ) then{
> bgp_community.add((1234:1000:4));
> reject;
> print "Invalid ROA ", net, " for ASN ", bgp_path.last_nonaggregated,
> "from AS1234" ;
> }
> if ( rpki_result = ROA_VALID ) then{
> bgp_community.add((1234:1000:1));
> accept;
> }
> if ( rpki_result = ROA_ UNKNOWN ) then{
> bgp_community.add((1234:1000:2));
> accept;
> print "Unknown RPKI ", net, "for ASN ", bgp_path.last_nonaggregated,
> "from AS1234 ";
> }
> }
>
> --
> Irene Lalioti
> Network Engineer
> Fondation RESTENA
> 2, avenue de l'Université
> L-4365 Esch/Alzette
>
> Tel: +352 424409 1
> Fax: +352 422473
>
--
Kind regards,
Barry O'Donovan
INEX Operations
https://www.inex.ie/support/
+353 1 531 3339
More information about the Bird-users
mailing list