<div dir="ltr"><div>Again, speaking too soon here. Sorry for the spam. I read the documentation again - the ~ operator can be used with an "ip" type on the left and a "prefix" type on the right. So it would seem as though applying this to a prefix set should be something useful/an extension of checking if an IP is within a single prefix. I'll post back when I've applied the patch to let folks know if it worked.<br>
</div><div><br></div><div>Thanks again!</div><div><br></div><div>-JJ</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 8, 2013 at 12:08 PM, John Jensen <span dir="ltr"><<a href="mailto:jensenja@gmail.com" target="_blank">jensenja@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Thanks for the function optimization. This does indeed make it simpler! I also believe I had misunderstood the documentation when I expected this to work - obviously "ip" and "prefix" are different types, and now that I've re-read the documentation on the ~ operator - "<span style="font-size:12.666666984558105px;background-color:rgb(242,252,254);font-family:Arial,Helvetica,sans-serif">it can be used on element and set of elements of the same typeš"</span><div>
<span style="font-size:12.666666984558105px;background-color:rgb(242,252,254);font-family:Arial,Helvetica,sans-serif"><br></span></div><div>My apologies. I appreciate the patch and will apply it shortly.<br>
</div><div><br></div><div>Thanks,</div><div><br></div><div>-JJ</div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Nov 8, 2013 at 3:58 AM, Sergey Popovich <span dir="ltr"><<a href="mailto:popovich_sergei@mail.ru" target="_blank">popovich_sergei@mail.ru</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">÷ ÐÉÓØÍÅ ÏÔ 7 ÎÏÑÂÒÑ 2013 16:05:50 ÐÏÌØÚÏ×ÁÔÅÌØ John Jensen ÎÁÐÉÓÁÌ:<br>
<div>> Hi,<br>
><br>
> We're about to migrate our exchange to a /23 and we're likely going to do<br>
> it over time. I have a simple filter in place to check and make sure that<br>
> the NEXT_HOP is within our exchange's subnet. Originally it looked like<br>
> this:<br>
><br>
> function check_ixp_next_hop(ip nexthop)<br>
> prefix ixpnet;<br>
> {<br>
> š ixpnet = x.x.x.x/24;<br>
> š if ! (nexthop ~ ixpnet) then return false;<br>
> š return true;<br>
> }<br>
><br>
><br>
> And then within the inbound filter for each peer's ASN:<br>
><br>
> if ! (check_ixp_next_hop(bgp_next_hop)) then reject;<br>
><br>
><br>
> Since we're going to be caring about two distinct prefixes while we perform<br>
> the migration, I changed the filter to look like this:<br>
><br>
> function check_ixp_next_hop(ip nexthop)<br>
> prefix set ixpnet;<br>
> {<br>
> š ixpnet = [ x.x.x.x/24, y.y.y.y/23 ];<br>
<br>
</div>Also, pay attention, you should use something like<br>
<br>
š š ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ];<br>
<br>
To match subnets.<br>
<div><br>
> š if ! (nexthop ~ ixpnet) then return false;<br>
> š return true;<br>
> }<br>
><br>
<br>
</div>Even simpler:<br>
-------------<br>
<br>
function check_ixp_next_hop(ip nexthop)<br>
{<br>
š return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ];<br>
}<br>
<span><font color="#888888"><br>
--<br>
SP5474-RIPE<br>
Sergey Popovich<br>
<br>
</font></span></blockquote></div><br></div>
</div></div></blockquote></div><br></div>