RPKI validation state community not reflected
Ondrej Zajicek
santiago at crfreenet.org
Fri May 8 00:43:17 CEST 2020
On Thu, May 07, 2020 at 10:28:59PM +0200, Alarig Le Lay wrote:
> Hi,
>
> I’m facing a weird situation where a BIRD receives a prefix from on
> session, add the community for the RPKI state, but doesn’t reflect it to
> a rr client.
>
> It’s the exact same case as
> https://puck.nether.net/pipermail/cisco-nsp/2020-May/107542.html
> (although I’m not trying to debug the cisco here :D)
> I’m just on the BIRD part while Pierre is on the Cisco part.
>
> Here is some complementary output from BIRD:
Hi
Your filter adds two communities:
> bgp_large_community.add((204092,204092,100));
> bgp_community.add((64496,2150));
These are in the cisco output:
Community: 64496:100 64496:2150
unknown transitive attribute: flag 0xE0 type 0x20 length 0x18
value 0003 1D3C 0000 0064 0000 0096 0003 1D3C
0003 1D3C 0000 0064
So what is missing? The ext_community?
I think we had some bug in handling transitive ext. community.
See this patch:
https://gitlab.labs.nic.cz/labs/bird/-/commit/ec331acf48535211fb5b50c87e74bf1c8370283a
Also note that your template has both 'import where' and 'import filter',
which are the same, so the first is replaced by the second.
Also, for import 'where source = RTS_BGP' does not make much sense outside of pipes.
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list