<div dir="ltr">Thanks, I did it but it is still not working. Nevermind I will use 'show route filtered'.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno lun 20 apr 2020 alle ore 15:27 Maria Matejka <<a href="mailto:maria.matejka@nic.cz">maria.matejka@nic.cz</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The tilde operator is not symmetric, although it visually seems to be.<br>
It can be (at least in this case) vaguely interpreted as »left operand <br>
is contained by the right operand«.<br>
<br>
In other words, exchange the operands of the tilde.<br>
<br>
Maria<br>
<br>
On 4/20/20 3:19 PM, Fabiano D'Agostino wrote:<br>
> Thanks, it worked. So the community isn't needed? I tried 'show route <br>
> table t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and it prints:<br>
> Table t_0002_as2:<br>
> <br>
> Il giorno lun 20 apr 2020 alle ore 15:00 Maria Matejka <br>
> <<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a> <mailto:<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a>>> ha scritto:<br>
> <br>
> show route all filtered<br>
> <br>
> shows only routes from master4 and master6 tables<br>
> <br>
> to show routes from this protocol, use<br>
> <br>
> show route table t_0002_as2 all filtered<br>
> <br>
> Maria<br>
> <br>
> On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:<br>
> > Yes, I just enabled it:<br>
> > protocol bgp {<br>
> > ...<br>
> > ipv4{<br>
> > import keep fitlered;<br>
> > import limit 250 action restart;<br>
> > import filter filter_rpki;<br>
> > table t_0002_as2;<br>
> > }<br>
> > }<br>
> ><br>
> > RPKI is working because if I check the syslog I find the invalid<br>
> printed<br>
> > prefixes, but 'show route all filtered' doesn't show anything.<br>
> ><br>
> > Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka<br>
> > <<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a> <mailto:<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a>><br>
> <mailto:<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a> <mailto:<a href="mailto:maria.matejka@nic.cz" target="_blank">maria.matejka@nic.cz</a>>>> ha scritto:<br>
> ><br>
> > And do you have<br>
> > import keep filtered;<br>
> > in your config?<br>
> > Maria<br>
> ><br>
> > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:<br>
> > > Hi,<br>
> > > In my route server bird.conf I did this:<br>
> > > define FILTERED_RPKI_INVALID = (1,1101,13);<br>
> > ><br>
> > > filter filter_rpki{<br>
> > > if roa_check(..)=ROA_INVALID then<br>
> > > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}<br>
> > > }<br>
> > ><br>
> > > But when I do 'show route all filtered' I get nothing, I also<br>
> > tried with<br>
> > > 'show route bgp_large_community ~ [(1,1101,13)]' and I<br>
> have the<br>
> > same result.<br>
> > > Because I would like to have some statistics about<br>
> > > VALID/INVALID/UNKOWN prefixes and I saw that I could use the<br>
> > 'show route<br>
> > > stats' command.<br>
> > ><br>
> > > Thanks,<br>
> > ><br>
> > > Fabiano<br>
> > ><br>
> > > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay<br>
> > > <<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a>><br>
> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a>>><br>
> > <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a>><br>
> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a> <mailto:<a href="mailto:alarig@swordarmor.fr" target="_blank">alarig@swordarmor.fr</a>>>>> ha<br>
> scritto:<br>
> > ><br>
> > > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:<br>
> > > > Thanks!<br>
> > > > But can I also use birdc to check rejected prefixes?<br>
> > ><br>
> > > If you add a community, it will be visible with `show<br>
> route all<br>
> > > filtered`<br>
> > ><br>
> > > > Anyway why do you suggest to use<br>
> bgp_path.last_noaggregated?<br>
> > ><br>
> > > Because you don’t want to check ROA against another<br>
> ASN in the<br>
> > > aggregated path.<br>
> > ><br>
> > > --<br>
> > > Alarig<br>
> > ><br>
> ><br>
> <br>
</blockquote></div>