Invalid ROA
Fabiano D'Agostino
fabiano.dagostino96 at gmail.com
Mon Apr 20 11:19:21 CEST 2020
Hi,
In my route server bird.conf I did this:
define FILTERED_RPKI_INVALID = (1,1101,13);
filter filter_rpki{
if roa_check(..)=ROA_INVALID then
{bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
}
But when I do 'show route all filtered' I get nothing, I also tried with
'show route bgp_large_community ~ [(1,1101,13)]' and I have the same result.
Because I would like to have some statistics about
VALID/INVALID/UNKOWN prefixes and I saw that I could use the 'show route
stats' command.
Thanks,
Fabiano
Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay <alarig at swordarmor.fr>
ha scritto:
> On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> > Thanks!
> > But can I also use birdc to check rejected prefixes?
>
> If you add a community, it will be visible with `show route all
> filtered`
>
> > Anyway why do you suggest to use bgp_path.last_noaggregated?
>
> Because you don’t want to check ROA against another ASN in the
> aggregated path.
>
> --
> Alarig
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20200420/e1f10884/attachment.htm>
More information about the Bird-users
mailing list