Hello Ondrej, Many thanks for your explanation and the solution. I have made the necessary changes according your advice but now I see following strange behaviour. I'm trying to implement "roa filter check" in separate function but unfortunately it doesn't work. May be I made something wrong but I don't know where or what :) I ask for your help again. Here is part of my conf in the lab: table T64778 roa table r64778 { roa 31.13.244.0/24 max 24 as 64778; } function AS64778_in() { /# This check seems not working. The network 87.120.111.0/24 is permitted which is strange.// # because it is not listed in my roa table. When I use the same but implemented in "import filter" it works. / if roa_check(r64778, net, bgp_path.last) = ROA_INVALID then return false; /# Fake networkf for test - it should not be accepted. // //# When I try to remove the comment bellow everything works as expected and the networks is reject successful.// /# if (net = 87.120.111.0/24) then return false; return true; } protocol pipe P64778 from PIPES { description "Monitoring"; peer table T64778; # export where bgp_out(64778); export where MM_PIPE_OUT(64778,[(1,1001..1999)]); } protocol bgp R0_252 from PEERS { description "0.252_Mon"; neighbor 10.0.0.252 as 64778; import where AS64778_in() && MM_BGP_IN(64778,1,1001); # import where MM_BGP_IN(64778,1,1001) && AS64778_in(); export where MM_BGP_OUT(64778); table T64778; } I hope my provided information to help to solve my problem. Thanks in advance! Best~ On 09/11/2013 08:21 PM, Ondrej Zajicek wrote:
On Wed, Sep 11, 2013 at 06:47:09PM +0300, Javor Kliachev wrote:
Hello,
I would like to know what will happen if we use function & filters configured at same time on import direction of given BGP procotol. Which is first pass? Till now ... But when I decided to apply and "filter import <some filter>" all conditions and rules in my applied function was totally ignored. Only the condition in the filter was checked. Hi
This is expected. "import where COND;" is just a shorthand for "import filter { if COND then accept; else reject; };"
Multiple import/export filter options are ignored, just the last one is used. If you want to mix several prepared functions/filters, then write everything as a function and use "import where FN1 && FN2 && FN3;".
-- --- Find out about our new Cloud service - Cloudware.bg <http://cloudware.bg/?utm_source=email&utm_medium=signature&utm_content=link&utm_campaign=newwebsite> Access anywhere. Manage it yourself. Pay as you go. ------------------------------------------------------------------------ *Javor Kliachev* IP Engineer Neterra Ltd. Telephone: +359 2 975 16 16 Fax: +359 2 975 34 36 www.neterra.net <http://www.neterra.net>