Bird 3.1.1 - rpki problem
Łukasz Trąbiński
lukasz at trabinski.net
Wed Jun 4 00:39:04 CEST 2025
Thank You, i have just found new documentation:
https://bird.nic.cz/doc/bird-3.1.1.html#rpki
> Wiadomość napisana przez Robert Scheck <bird at robert-scheck.de> w dniu 3 cze 2025, o godz. 17:35:
>
> Hello Łukasz,
>
> On Tue, 03 Jun 2025, Łukasz Trąbiński wrote:
>> Could You send me example of rpki config for Bird 3.x.x?
>> In 2.x.x, I’m use something like below, but it’s not working with 3.x.x
>
> I'm using the following with rpki-client. I guess you need to remove the
> if() for force_roa_table_update when using a TCP connection instead of an
> include.
>
> function reject_invalid_roa() {
> if (force_roa_table_update > 0) then {
> if (net.type = NET_IP4) then {
> case roa_check(ROAS4, net, bgp_path.last) {
> ROA_INVALID:
> print "Rejected invalid ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> reject;
> ROA_VALID:
> print "Valid ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> ROA_UNKNOWN:
> print "Unknown ROA IPv4 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> }
> }
>
> if (net.type = NET_IP6) then {
> case roa_check(ROAS6, net, bgp_path.last) {
> ROA_INVALID:
> print "Rejected invalid ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> reject;
> ROA_VALID:
> print "Valid ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> ROA_UNKNOWN:
> print "Unknown ROA IPv6 prefix: ", net, " ", bgp_path, ", (neighbour ", from, ")";
> }
> }
> }
> }
>
> The main difference is that I reject inside the function without returning
> a boolean.
>
>
> Regards,
> Robert
More information about the Bird-users
mailing list