Even using the correct syntax as described by Ondrej I am not able to get this to work. When I try, I get the following error in my logs:

filters, line 117: ~ applied on unknown type pair

I am trying to build filters that check multiple things, add a community for each thing (if it is true), then reject the route if any of the communities exist. It doesn't seem like it's possible to check if any member of a set is in another set - only if a particular element is in another set.

I.e. I can do

(1,2,3) ~ bgp_large_community

but not

[(1,2,*)] ~ bgp_large_community

Can anyone confirm? Is this possible via a different method?

Thanks!

On Thu, Oct 29, 2020 at 2:49 PM Ondrej Zajicek <santiago@crfreenet.org> wrote:

On Thu, Oct 29, 2020 at 10:00:58AM -0400, Brooks Swinnerton wrote:
> Hello,
>
> I was wondering if it's possible to create a conditional that matches on a
> wildcard for a part of a BGP large community. For example:
>
> if ([*, 600, 6939]) ~ bgp_large_community then
> reject;

Hello

Note that it would be [(*, 600, 6939)], not ([*, 600, 6939]).

But for large communities, BIRD allows wildcard only on the more specific part.
You can have [(64496, 600, *)], [(64496, *, *)] or even [(*, *, *)], but not
[(*, 600, 6939)].

Also, wildcard (*, 600, 6939) does not really make sense, as meaning of
the second and third part is determined by the first (global admin), and
may be different for different first parts.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."