Hello Ondrej,

Many thanks for your explanation and the solution.

I have made the necessary changes according your advice but now I see following strange behaviour.

I'm trying to implement "roa filter check" in separate function but unfortunately it doesn't work.
May be I made something wrong but I don't know where or what :) 

I ask for your help again.

Here is part of my conf in the lab:

table T64778

roa table r64778 {
     roa 31.13.244.0/24 max 24 as 64778;
}

function AS64778_in() {

# This check seems not working. The network 87.120.111.0/24 is permitted which is strange.
# because it is not listed in my roa table. When I use the same but implemented in "import filter" it works.

  if roa_check(r64778, net, bgp_path.last) = ROA_INVALID then return false;


#  Fake networkf for test - it should not be accepted.
#  When I try to remove the comment bellow everything works as expected and the networks is reject successful.
#  if (net = 87.120.111.0/24) then return false;

  return true;
}


protocol pipe P64778 from PIPES {
  description "Monitoring";
  peer table T64778;
# export where bgp_out(64778);
  export where MM_PIPE_OUT(64778,[(1,1001..1999)]);
}

protocol bgp R0_252 from PEERS {
  description "0.252_Mon";
  neighbor 10.0.0.252 as 64778;
   import where AS64778_in() && MM_BGP_IN(64778,1,1001);
# import where MM_BGP_IN(64778,1,1001) && AS64778_in();
  export where MM_BGP_OUT(64778);
  table T64778;
}

I hope my provided information to help to solve my problem.

Thanks in advance!

Best~

On 09/11/2013 08:21 PM, Ondrej Zajicek wrote: