On Mon, Nov 30, 2009 at 04:40:23PM +0100, Wolfgang Hennerbichler wrote:
On Nov 23, 2009, at 18:23 , Ondrej Zajicek wrote:
On Mon, Nov 23, 2009 at 08:19:43AM +0100, Wolfgang Hennerbichler wrote:
well, this is because our concept differs from the one of nic.cz. We filter at the border, and build pipes to every neighbor who has decided to peer. See this illustration I've made for the last euro-ix: http://tiny.wogri.at/PP (red is the filters, the arcs are the pipes). This means we have no "main" rib. This is good in certain ways:
Interesting concept. BTW, you should make sure that filters on the pipes are set such that there is no loop for each route.
hm. it seems that I do - sometimes - get loops.
Nov 30 14:00:30 rs1 bird: Pipe loop detected when sending 84.205.69.0/24 to table T8596x130 ... this only happens very rarely, maybe during configure soft or a bgp update. nevertheless I don't quite get it, because I do have filters in place which should avoid that. All my pipes look like this:
I checked the source for the loop check and it seems that there are some problems in that code. First, it is not very consistent - in one direction the loop check is applied after the filter and in other directon it is applied before the filter. Therefore it is possible that sometimes the loop check is triggered even if the filter would also reject the route. This is annoying but otherwise harmless, i hope. Second, in some situations the loop check does not work and that causes that the first problem manifests less often :-).
protocol pipe P30971x30x15 { table T30971x30; mode transparent; peer table T5403x15; import filter { reject; }; export filter { if from = 193.203.0.30 then { accept; } else reject; }; }
All your pipes do reject in the import filter and relevant test in the export filter? Every route passes through at most one pipe according to your expected filter behavior?
Do the pipes ignore the filters at any time?
I think filters are not ignored.
PS: We've got BIRD running at VIX in Beta now, about 12 participants, no crashes, no problems at all (except for the loop notices)
That is nice. -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."