On 03/08/2013 07:28 PM, Andre Nathan wrote:
On Fri, 08 Mar 2013, Hans van Kranenburg wrote:
When converting the other router to bird, you can also configure it to just use the /24 ranges in the context of talking to the ebgp peer, and never let them come near the t_bgp or even master table, so you don't need the additional filters to keep them out again.
Borrowing your routing table scheme from your first reply:
Whoops, the drawing does not entirely match the config, p_bgp_to_master should be p_master_to_bgp and p_wzyx_to_bgp should be p_bgp_to_wxyz, like in the diff I sent in the first post. This does not alter any of the behaviour by the way. So:

                 kernel
                  ^ :
                  | :
                  | v
               +--------+
               | master |
               +--------+
                  ^ :
                  | : p_master_to_bgp
                  | v
       ,--->   +--------+
       | ,--   | t_bgp  | ---------------------.
       | :     +--------+ <-----------------.  |
       | :        ^ :                       |  v
       | :        | : p_bgp_to_wxyz      iBGP peers
       | v        | v
    +--------+ +--------+
    | t_uiop | | t_wzyx | - - - - - -.
    +--------+ +--------+ <--------. |
       ^ |        ^ |              | v
       | |        | |      originate_to_wzyx
       | v        | v
          eBGP peers

Arrows pointing up then mean import (pointing closer to bird), and pointing down mean export (further away from bird).
In the eBGP session I have an input filter that rejects routes matching my /24.
That's a filter for sanity purposes I guess, an eBGP peer should never send you your own routes?
What happens here is that despite the filter, those routes still end up being added to t_bgp because they were added to t_wzyx via originate_to_wzyx. Is that correct?
No, because if you do import where proto = "eBGP" only the routes that were learned in protocol bgp eBGP would match. The /24's would match when you say where proto = "originate_to_wzyx".

Using the commands in the interactive console, birdc, you could try to debug what's going on exactly, and where those routes come from...

    show route all table t_wzyx

and...

    show route protocol eBGP table t_wzyx (imported routes)
    show route export eBGP table t_wzyx (exported routes)

etc...
If so, the solution I see is to change p_wzyx_to_bgp so that instead of 'import where proto = "eBGP"' a more complex filter is used, something like

    if proto = "eBGP" && ! (net ~ [a.b.0.0/24, a.b.1.0/24]) then {
        accept;
    }
    reject;
Looks good?
-- Hans van Kranenburg - System / Network Engineer T +31 (0)10 2760434 | hans.van.kranenburg@mendix.com | www.mendix.com
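
The following is an added example, not part of the original message and not BIRD code: a small Python model of the two pipe import filters discussed above, run over a constructed t_wzyx table. The prefixes are documentation ranges standing in for a.b.0.0/24 and a.b.1.0/24, and the example goes one step beyond the thread by also modelling BIRD's `/24+` prefix pattern, since a plain prefix-set entry matches only the exact prefix.

```python
import ipaddress
from collections import namedtuple

# Constructed sample data: documentation prefixes stand in for the thread's
# a.b.0.0/24 and a.b.1.0/24.
OWN = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/24")]
Route = namedtuple("Route", "net proto")

# Constructed contents of t_wzyx (assumption: the eBGP session's own input
# filter is absent, so the pipe filter is the only check being exercised).
T_WZYX = [
    Route("192.0.2.0/24", "originate_to_wzyx"),
    Route("198.51.100.0/24", "originate_to_wzyx"),
    Route("203.0.113.0/24", "eBGP"),   # ordinary route learned from the peer
    Route("192.0.2.0/24", "eBGP"),     # own prefix echoed back by the peer
    Route("192.0.2.128/25", "eBGP"),   # more specific inside an own prefix
]

def in_set(net, prefixes, subprefixes=False):
    """Model of BIRD's `net ~ [ ... ]`: a plain entry matches that exact
    prefix only; subprefixes=True models the `a.b.0.0/24+` pattern."""
    net = ipaddress.ip_network(net)
    return any(net == p or (subprefixes and net.subnet_of(p)) for p in prefixes)

def import_proto_only(route):
    """Pipe filter: import where proto = "eBGP" """
    return route.proto == "eBGP"

def import_proposed(route, subprefixes=False):
    """Pipe filter: proto = "eBGP" && ! (net ~ [own prefixes])"""
    return route.proto == "eBGP" and not in_set(route.net, OWN, subprefixes)

def reaches_t_bgp(routes, accept):
    """Prefixes the pipe would carry from t_wzyx into t_bgp."""
    return [r.net for r in routes if accept(r)]

if __name__ == "__main__":
    print(reaches_t_bgp(T_WZYX, import_proto_only))
    print(reaches_t_bgp(T_WZYX, import_proposed))
    print(reaches_t_bgp(T_WZYX, lambda r: import_proposed(r, True)))
```

In all three cases the routes from originate_to_wzyx stay out of t_bgp because of the proto test alone; the prefix term only changes what happens to own prefixes that arrive via eBGP.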