В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал:
Hi,
We're about to migrate our exchange to a /23 and we're likely going to do it over time. I have a simple filter in place to check and make sure that the NEXT_HOP is within our exchange's subnet. Originally it looked like this:
function check_ixp_next_hop(ip nexthop) prefix ixpnet; { ixpnet = x.x.x.x/24; if ! (nexthop ~ ixpnet) then return false; return true; }
And then within the inbound filter for each peer's ASN:
if ! (check_ixp_next_hop(bgp_next_hop)) then reject;
Since we're going to be caring about two distinct prefixes while we perform the migration, I changed the filter to look like this:
function check_ixp_next_hop(ip nexthop) prefix set ixpnet; { ixpnet = [ x.x.x.x/24, y.y.y.y/23 ];
Also, pay attention, you should use something like ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ]; To match subnets.
if ! (nexthop ~ ixpnet) then return false; return true; }
Even simpler: ------------- function check_ixp_next_hop(ip nexthop) { return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ]; } -- SP5474-RIPE Sergey Popovich