<html><body><div style="font-family: arial, helvetica, sans-serif; font-size: 12pt; color: #000000"><div><style>/*<![CDATA[*/*.info_type {
color: rgb(136,205,211);
font-size: 14.0px;
margin-right: 5.0px;
}
*.info {
font-size: 14.0px;
margin-right: 5.0px;
}
*.img {
vertical-align: bottom;
height: 1.0em;
width: 1.0em;
padding-bottom: 3.0px;
}
/*]]>*/</style></div><div data-marker="__QUOTED_TEXT__"><div>
<p>Hello,</p>
<p>We're using BIRD 1.6.4 as a Route Server.<br>
</p>
<p>Recently we have implemented ROA prefix validation, but we have hit an issue with prefixes that are aggregated only.</p>
<p>What do I mean: when the prefix is an aggregate and has something like 1234 { 10, 20 } as the last ASN in the AS_PATH, the bgp_path.last value returns zero ( 0 ). As a result of this, we are just discarding such prefixes.</p>
<p>Our approach is the following:</p>
<p>1) We're using static ROA tables with prefixes, for example:</p>
<pre>roa table r1234 {
    roa 10.10.10.0/24 max 32 as 1234;
    roa 10.10.11.0/24 max 32 as 1234;
    roa 10.10.12.0/24 max 32 as 1234;
}</pre>
<p>2) Then we create a different function for each member like this, and apply it on each BGP protocol as the last function:</p>
<pre>function AS1234_roa() {
    # Reject when a ROA covers the prefix but the origin ASN does not match.
    if roa_check(r1234, net, bgp_path.last) = ROA_INVALID then {
        print "ROA check failed: invalid prefix - ", net, " origin ASN ", bgp_path.last , " - AS-PATH", bgp_path , " via ", proto;
        return false;
    }
    # Reject when no ROA in the member's table covers the prefix.
    if roa_check(r1234, net, bgp_path.last) = ROA_UNKNOWN then {
        print "ROA check failed: unallowed prefix - ", net, " origin ASN ", bgp_path.last , " - AS-PATH", bgp_path , " via ", proto;
        return false;
    }
    return true;
}</pre>
<p>
<br>
Could some BIRD developer suggest a solution for this issue?<br>
</p>
<div class="moz-signature">Thanks in advance!<br>
<br>
Best~<br>
-- <br>
---<br>
<div style="font-family: tahoma, sans-serif; color: rgb(0, 128, 129); font-size: 14px;">
<h2 style="font-family: tahoma, sans-serif; font-weight: 700; color: rgb(0, 128, 129); font-size: 14px; margin: 0px; line-height: 18px;">Javor Kliachev</h2>
<h4 style="color: rgb(136, 205, 211); font-weight: 100; font-size: 14px; margin: 0px;">Senior Engineer IP Services</h4>
<span class="info_type">office:</span><span class="info">+359 2
974 33 11</span><br>
<span class="info_type">mobile:</span><span class="info">+359
885 98 84 95 </span><br>
</div>
<a href="http://www.neterra.net" style="font-size: 14px; font-family: verdana; color: rgb(0, 128, 129); text-decoration: none !important;" target="_blank" rel="nofollow noopener noreferrer">www.neterra.net</a> <a href="https://bg.linkedin.com/pub/javor-kliachev/11/b46/843" style="text-decoration: none;" target="_blank" rel="nofollow noopener noreferrer"> <img class="img" src="http://old.neterra.net/public/signatures/LinkedIn-icon-mini.png" saveddisplaymode="" style=""> </a> <br>
<br>
<br>
</div>
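<p>Added example, not part of the original message and not BIRD's own code: a small Python model of RFC 6811 origin validation that reproduces why a path ending in an AS_SET such as 1234 { 10, 20 } is rejected by the filter above. The names ROAS, origin_asn, last_sequence_asn and roa_check are assumptions of this sketch, AS 64500 and the sample paths are constructed, and last_sequence_asn is a hypothetical alternative origin choice that departs from RFC 6811.</p>

```python
import ipaddress

# Constructed ROA entries mirroring the post's "roa table r1234":
# (prefix, max length, authorised origin ASN).
ROAS = [
    ("10.10.10.0/24", 32, 1234),
    ("10.10.11.0/24", 32, 1234),
    ("10.10.12.0/24", 32, 1234),
]

def origin_asn(as_path):
    """RFC 6811 origin: rightmost ASN of the final segment when it is an
    AS_SEQUENCE, None ("NONE") when the final segment is an AS_SET.
    as_path is a list of ("seq" | "set", [asns]) segments."""
    if not as_path:
        return None  # empty path (local AS in RFC 6811) is not modelled here
    kind, asns = as_path[-1]
    return asns[-1] if kind == "seq" and asns else None

def last_sequence_asn(as_path):
    """Hypothetical alternative: rightmost ASN of the last AS_SEQUENCE,
    i.e. the AS that sits in front of a trailing AS_SET."""
    for kind, asns in reversed(as_path):
        if kind == "seq" and asns:
            return asns[-1]
    return None

def roa_check(roas, prefix, asn):
    """Return VALID, INVALID or UNKNOWN following RFC 6811 semantics."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, roa_asn in roas:
        if net.subnet_of(ipaddress.ip_network(roa_prefix)):
            covered = True
            # An origin of NONE (reported as 0 in the post) never matches.
            if asn and asn == roa_asn and net.prefixlen <= max_len:
                return "VALID"
    return "INVALID" if covered else "UNKNOWN"

# Constructed paths: a plain announcement and the aggregated one.
PLAIN = [("seq", [64500, 1234])]
AGGREGATED = [("seq", [64500, 1234]), ("set", [10, 20])]

if __name__ == "__main__":
    for path in (PLAIN, AGGREGATED):
        print(path, roa_check(ROAS, "10.10.10.0/24", origin_asn(path)))
```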
</div><br></div></div></body></html>