Question for proper RPKI check integration in the bird v2.0.4 with Euro-IX Informational BGP communities

Irene Lalioti irene.lalioti at restena.lu
Wed Sep 25 13:27:14 CEST 2019


Barry, thanks a lot, I appreciate the feedback. In the meantime, we have
altered the syntax a bit and this snippet seems to work. (The issue with
the pair errors I sent in my previous email still persists.)

filter bgp_in_AS39180_4
prefix set allnet;
{
        include "/etc/bird/prefix-lists/AS39180-v4";
        if (is_martian4()) then reject;
        if ! (net ~ allnet) then reject;
        # RPKI-invalid routes are tagged and still accepted, not dropped
        if (roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_INVALID) then {
                bgp_large_community.add((49624,1000,4));
                # print must come before accept: accept ends the filter run
                print "Invalid ROA ", net, " for ASN ", bgp_path.last_nonaggregated, " from AS39180";
                accept;
        }
        # RPKI-valid routes
        if (roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_VALID) then {
                bgp_large_community.add((49624,1000,1));
                accept;
        }
        # Routes with no covering ROA
        if (roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_UNKNOWN) then {
                bgp_large_community.add((49624,1000,2));
                accept;
        }
}

regards, Irene

On 9/25/19 12:36 PM, Barry O'Donovan wrote:
> Hi Irene,
>
> looks like you're trying to put together a route server config?
>
> First thing that jumps out at me is you have "roa check" but it should
> be "roa_check".
>
> We have full working sample configs that are used in our continuous
> integration tests for IXP Manager - here's a v4 version which includes RPKI:
>
> https://github.com/inex/IXP-Manager/blob/master/data/travis-ci/known-good/ci-apiv4-b2-rs1-lan1-ipv4.conf
>
>
> Loads of info on this on https://docs.ixpmanager.org/ and presentations
> with videos from 2019 at:
>
> https://www.ixpmanager.org/presentations
>
> Hope that helps,
>  - Barry
>
>
> Irene Lalioti wrote on 25/09/2019 09:58:
>> Hello all,
>>
>> Can you please let me know where is the syntax error in my snippet , or
>> if it is wrong how else I should integrate it in a way bird doesn't
>> complain? Thanks in advance!
>>
>> #RPKI Check
>>
>> filter bgp_in_AS1234
>> prefix set allnet;
>> {
>> include "/etc/bird/prefix-lists/AS2589-v4";
>> if (is_martian4()) then reject;
>> if ! (net ~ allnet) then reject;
>> rpki_result = roa check(r4, net, bgp_path.last_nonaggregated );
>> if ( rpki_result = ROA_INVALID ) then{
>> bgp_community.add((1234:1000:4));
>> reject;
>> print "Invalid ROA ", net, " for ASN ", bgp_path.last_nonaggregated,
>> "from AS1234" ;
>> }
>> if ( rpki_result = ROA_VALID ) then{
>> bgp_community.add((1234:1000:1));
>> accept;
>> }
>> if ( rpki_result = ROA_ UNKNOWN ) then{
>> bgp_community.add((1234:1000:2));
>> accept;
>> print "Unknown RPKI ", net, "for ASN ", bgp_path.last_nonaggregated,
>> "from AS1234 ";
>> }
>> }
>>
>> -- 
>> Irene Lalioti
>> Network Engineer
>> Fondation RESTENA
>> 2, avenue de l'Université
>> L-4365 Esch/Alzette
>>
>> Tel: +352 424409 1
>> Fax: +352 422473
>>
>
-- 
Irene Lalioti
Network Engineer
Fondation RESTENA
2, avenue de l'Université
L-4365 Esch/Alzette

Tel: +352 424409 1
Fax: +352 422473
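
Added example, not part of the original thread and not BIRD's own code: a small Python model of RFC 6811 origin validation, showing why a route comes out as ROA_VALID, ROA_UNKNOWN or ROA_INVALID and which of the large communities from the filter above it would then carry. The ROA table is constructed from documentation prefixes and private-use ASNs, and the function names are hypothetical.

```python
import ipaddress

# Large communities taken from the filter in this thread: (49624, 1000, x)
TAGS = {
    "ROA_VALID": (49624, 1000, 1),
    "ROA_UNKNOWN": (49624, 1000, 2),
    "ROA_INVALID": (49624, 1000, 4),
}

# Constructed ROA table: (prefix, max length, origin ASN). Not real RPKI data.
ROA_TABLE = [
    ("192.0.2.0/24", 24, 64500),
    ("203.0.113.0/24", 25, 64501),
]


def roa_check(table, net, origin_asn):
    """Classify a route per RFC 6811.

    origin_asn is the last non-aggregated ASN of the AS path, or None when
    the origin cannot be determined (such a route can never match a ROA).
    """
    route = ipaddress.ip_network(net)
    covered = False
    for prefix, max_len, asn in table:
        roa = ipaddress.ip_network(prefix)
        # A ROA covers the route when the route lies inside the ROA prefix.
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Match: same origin (AS 0 never matches) and not more specific
        # than the ROA's max length allows.
        if asn != 0 and asn == origin_asn and route.prefixlen <= max_len:
            return "ROA_VALID"
    # Covered but never matched is invalid; not covered at all is unknown.
    return "ROA_INVALID" if covered else "ROA_UNKNOWN"


def tag_route(table, net, origin_asn):
    """Return the RPKI state and the informational community to attach."""
    state = roa_check(table, net, origin_asn)
    return state, TAGS[state]


if __name__ == "__main__":
    for net, asn in [("203.0.113.128/25", 64501), ("203.0.113.0/26", 64501),
                     ("192.0.2.0/24", 64502), ("198.51.100.0/24", 64500)]:
        print(net, asn, *tag_route(ROA_TABLE, net, asn))
```

The two invalid cases differ in cause: one is more specific than the ROA's max length, the other comes from the wrong origin ASN.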


