Hi All,
We've been working on adding BGPSEC capability to BIRD. I have a link
below to a patch against v1.3.9 that supports BGPSEC connections between
routers. If you desire, the link could also be added to BIRD's
related/software wiki.
It has only been tested in a small test bed w/linux machines and is
currently in an alpha state, but should support the BGPSEC protocol with
the exception of confederation handling, and algorithm rollover and of
course any bugs. I would be interested in any feedback if anyone wants
to play with it.
http://bgpsec.tislabs.com/
thanks,
Mike
--
Michael Baer
PARSONS
baerm(a)tislabs.com
Hello all,
I would like to use ROA filtering on my bird setup to reject invalid
prefixes announced by my peers.
I know there is currently no easy way to bind bird to an RPKI validator,
right?
I have to create a table in my conf file with
"roa table roa_table_name"
I have read
(https://ripe65.ripe.net/presentations/191-BIRD-20120926-OF-RIPE-EIX.pdf)
there is a way to populate this table dynamically.
How can I do that? "roa add" in cli?
Is there a way to flush the table?
I have also read (https://github.com/BIRD/bird/blob/master/filter/test.conf)
I can use roa_check().
Can I do a filter like this?
protocol bgp my_peer {
    local as 65000;
    neighbor 192.0.2.1 as 65001;
    import filter peer_in;
}

filter peer_in {
    if roa_check(roa_table_name, net, bgp_path.last) = ROA_INVALID then reject;
    accept;
}
Cheers!
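
Added example, not part of the original message and not BIRD's own code: a small Python model of the route origin validation (RFC 6811 semantics) that a roa_check()-style test performs, run over a constructed ROA set of documentation prefixes and private-use AS numbers. The names SAMPLE_ROAS and the Python peer_in() are assumptions for illustration; peer_in() mirrors the filter in the message and shows that it still accepts routes with no covering ROA.

```python
import ipaddress

ROA_UNKNOWN, ROA_VALID, ROA_INVALID = "ROA_UNKNOWN", "ROA_VALID", "ROA_INVALID"

# Constructed sample ROAs: (prefix, max length, origin AS).
# Documentation prefixes and private-use AS numbers only.
SAMPLE_ROAS = [
    ("192.0.2.0/24", 24, 65001),
    ("198.51.100.0/24", 25, 65002),
    ("2001:db8::/32", 48, 65001),
]


def roa_check(roas, net, origin_as):
    """Classify one route against a ROA table (RFC 6811 semantics)."""
    route = ipaddress.ip_network(net)
    covered = False
    for prefix, max_len, asn in roas:
        roa = ipaddress.ip_network(prefix)
        # A ROA covers the route if it is the same family and contains it.
        if roa.version != route.version or not route.subnet_of(roa):
            continue
        covered = True
        # Valid needs a covering ROA with matching AS and length <= max.
        if asn == origin_as and route.prefixlen <= max_len:
            return ROA_VALID
    # Covered but never matched: wrong origin or too specific.
    return ROA_INVALID if covered else ROA_UNKNOWN


def peer_in(roas, net, as_path):
    """Model of the filter in the message: reject only ROA_INVALID."""
    origin = as_path[-1] if as_path else None  # stands in for bgp_path.last
    if roa_check(roas, net, origin) == ROA_INVALID:
        return "reject"
    return "accept"


if __name__ == "__main__":
    for net, path in [("192.0.2.0/24", [65000, 65001]),
                      ("192.0.2.0/24", [65000, 65002]),
                      ("198.51.100.0/26", [65002]),
                      ("203.0.113.0/24", [65001])]:
        print(net, path, roa_check(SAMPLE_ROAS, net, path[-1]),
              peer_in(SAMPLE_ROAS, net, path))
```
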
On 26.3.2013 12:40, Kay Rechthien wrote:
> Hey,
> On 08.03.2013, at 16:21, Ondrej Filip <feela(a)network.cz> wrote:
>
>> On 8.3.2013 09:38, Rashed Alwarrag wrote:
>>> Dear birds Experts
>>
>> Hi Rashed!
>>
>>>
>>> we have a BGP peer between Bird server and Juniper devices , we
>>> mentioned that in our Juniper router wrong MD5 password log appear as
>>> below
>>>
>>> kernel: %KERN-4: tcp_auth_ok: Packet from 192.168.0.10:179 wrong MD5 digest
>>>
>>> when we capture the BGP update we mentioned that the bird server is
>>> sending to the router the update with an unexpected MD5 key and The
>>> router ignore this update then again the bird server retransmit the
>>> same update with correct MD5
>>
>> Are you using Linux or BSD?
>>
>> Ondrej
>
> we have the issue also here. Our Routeservers are running latest Ubuntu.
> the issue is visible at cisco and juniper routers clearly. there are like ~10 bad packets per day and they don't affect the bgp session but they create a log entry every time at the routers.
>
Can you send us the output of this command: "ethtool -k <interface>"
(possibly "ethtool -k eth0")
This usually helps:
/usr/sbin/ethtool -K eth0 tso off
/usr/sbin/ethtool -K eth0 gso off
/usr/sbin/ethtool -K eth0 sg off
> best regards
> kay
>
>