On Mon, Jul 13, 2020 at 09:32:16AM +0300, Javor Kliachev wrote:
Hello,
We're using BIRD 1.6.4 as Route Server.
Recently we have implemented ROA prefix validation but we have hit the issue with prefixes that are aggregated only.
What do I mean: When the prefix is aggregate and has something like 1234 { 10, 20 } in AS_PATH in last asn, bgp_path.last value returns zero ( 0 ). As result of this we just discarding such prefixes. ... Could someone BIRD developer to suggest some solution for this issue? Thanks in advance!
Hi This is expected behavior, see RFC 6907 7.1.9: Comment: In the spirit of [RFC6472], any route with an AS_SET in it should not be considered valid (by ROA-based validation). If the route contains an AS_SET and a covering ROA prefix exists for the route prefix, then the route should get an Invalid status. (Note: AS match or mismatch consideration does not apply.) -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."