Alexander Demenshin <aldem-bird.2014@nk7.net> writes:
On 2014-10-04 18:16, micah wrote:
I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn' mode, so I set the preference to 100000, but that didn't change anything.
Could you please post your config completely (excluding sensitive information)?
Sure, see below.
Finally, is there a way to use a more useful pager with birdc?
You can pipe output of birdc: "birdc show routes|less"
I figured that out yesterday, thanks though! I've separated my bird configuration into a main config, a peers config, and a filters config, any feedback would be very welcome. I'm also getting these regularly, which would be nice to track down:

2014-10-06 09:20:01 <ERR> Filter <NULL> did not return accept nor reject. Make up your mind

Here is the main config:

# logging
log "/var/log/bird.log" { info, remote, warning, error, auth, fatal, bug };

# Turn on global debugging of all protocols
debug protocols all;

# router ID
router id 38.104.127.2;

# ASN (referenced as "local as ASN" in peers.conf and prepended in filters.conf)
define ASN = 16652;

##########################################################################
## All filters
##########################################################################
# include the filters
include "filters.conf";

##########################################################################
## All our peers
##########################################################################
include "peers.conf";

protocol kernel {
        learn;                  # Learn all alien routes from the kernel
        # Raised by the poster while trying to change route selection (see the
        # message text above); reported as having made no difference.
        preference 100000;
        scan time 15;           # Scan kernel routing table every 15 seconds
        import all;             # Default is import all
        export all;             # Default is export none
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
        scan time 15;           # Scan interfaces every 15 seconds
}

##########################################################################
## static routes
##########################################################################
protocol static static_bgp {
        # prefixes that are propagated to upstream. These prefixes are represented as
        # unreachable routes, which seems strange but it does not matter for BGP and has
        # a secondary advantage that packets for AS-local but unreachable destinations are
        # rejected and not sent to the upstream.
        import all;
        route 204.13.164.0/24 reject;
        route 198.252.153.0/24 reject;
        route 199.254.238.0/24 reject;
}

Here is the peers config:

##########################################################################
## Bgp templates
##########################################################################
# Shared defaults: every protocol declared "from PEERS" starts with these
# options and may replace them in its own block.
template bgp PEERS {
        local as ASN;
        debug { states, events };
        export filter bgp_out;
}

##########################################################################
## uplink peers
##########################################################################
### ASN 174 - COGENT
protocol bgp cogent from PEERS {
        description "Cogent";
        source address 38.104.127.2;
        neighbor 38.104.127.1 as 174;
        # "xxx" stands in for the real session password; the poster was asked
        # to leave sensitive values out of the posted config.
        password "xxx";
        import filter bgp_in_cogent;
        # prefer cogent more than others, due to higher preference
        preference 500;
        default bgp_local_pref 500;
}

# Does not inherit from PEERS, so "local as" and the export filter are set here.
protocol bgp cogent_blackhole {
        description "Cogent blackhole server";
        local as ASN;
        source address 199.254.238.1;
        neighbor 66.28.8.1 as 174;
        multihop 255;
        password "xxx";
        import filter bgp_in_cogent;
        export filter bgp_allow_nothing_out;    # rejects every route
}

protocol bgp swiftco from PEERS {
        description "Swiftco";
        source address 208.99.192.142;
        neighbor 208.99.192.121 as 25700;
        multihop 255;
        password "xxx";
        import filter bgp_in_swiftco;
        default bgp_local_pref 80;
        # NOTE(review): this replaces the "export filter bgp_out" inherited from
        # PEERS, so nothing is announced on this session - confirm that is intended.
        export none;
}

# Separate routing table for the spam feed below.
table t_spamd;

# NOTE(review): this multihop session sets neither "password" nor an import
# filter, so every prefix the feed sends is accepted into t_spamd. Keeping it
# in its own table limits the effect only as long as nothing (a pipe protocol,
# for instance) copies t_spamd into the main table - confirm.
protocol bgp bgp_spamd {
        description "http://bgp-spamd.net spam feed";
        source address 38.104.127.2;
        local as ASN;
        neighbor 64.142.121.62 as 65066;
        multihop 64;
        table t_spamd;
        export none;            # default, so not really needed
}

Here is filters.conf:

# Our own prefixes; the same three /24s are the static_bgp routes in the main config.
define OURNETS = [ 198.252.153.0/24, 199.254.238.0/24, 204.13.164.0/24 ];
# AS numbers of the two filtered BGP neighbours (cogent = 174, swiftco = 25700).
define PEER_ASNS = [ 174, 25700 ];

##########################################################################
## print information about the route being filtered
##########################################################################
# This function excludes weird networks
# 169.254.0.0/16+ - IANA reserved "link local" block - hosts obtain these addresses
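#   through auto-configuration
# 0.0.0.0/0 - default route
# 192.168.0.0/16+, 10.0.0.0/8+, 172.16.0.0/12+ - RFC1918
# 224.0.0.0/4+ - class D multicast
# 240.0.0.0/4+ - class E (reserved)
# 127.0.0.0/8+ - loopback
# 0.0.0.0/0{0,7}, 0.0.0.0/0{25,32} - any prefix shorter than /8 or longer than /24
#
# Returns true when the current route's prefix (net) is one of the above.
function martians()
{
        # 172.16.0.0/12+ replaces the earlier 172.24.0.0/13+ plus the 172.25 - 172.31
        # /16 entries, which left 172.16.0.0 - 172.23.255.255 (half of the RFC1918
        # /12) unmatched, so those prefixes were not treated as martians.
        return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+,
                       172.16.0.0/12+, 224.0.0.0/4+, 240.0.0.0/4+,
                       0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7},
                       127.0.0.0/8+ ];

        # this is a function, we should filter in a filter
        #
        # Avoid RFC1918 and similar networks
        # if net ~ martians then return false;
        #
        # return true;
}

# True when the route's prefix is exactly one of our own nets (OURNETS).
function local_network()
{
        return net ~ OURNETS;
}

# Import policy shared by the per-peer import filters.
# asn: the AS number expected as the first AS of the path.
# Returns false for martians, for our own prefixes coming back from outside,
# for paths that do not start with the given AS, and for paths longer than 64.
function rt_import_all(int asn)
{
        if martians() || local_network() then return false;
        if bgp_path.first != asn then return false;
        if bgp_path.len > 64 then return false;
        # not sure this works with multi-hop, so disabling
        # if bgp_next_hop != from then return false;
        return true;
}

# Export policy used by bgp_out.
# NOTE(review): besides the static_bgp routes, this returns true for any
# BGP-learned route whose first AS is in PEER_ASNS, i.e. routes received from
# cogent or swiftco. The comment on bgp_out says only our own nets should be
# announced; as written, routes learned from one upstream can be passed to
# another session that uses bgp_out - confirm which behaviour is intended.
function rt_export()
{
        if proto = "static_bgp" then return true;
        if source != RTS_BGP then return false;
        if martians() then return false;
        if bgp_path.len > 64 then return false;
        return bgp_path.first ~ PEER_ASNS;
}

# Same checks as rt_export() without the PEER_ASNS restriction: any non-martian
# BGP route with a path of at most 64 passes. No filter below calls it.
function rt_export_all()
{
        if proto = "static_bgp" then return true;
        if source != RTS_BGP then return false;
        if martians() then return false;
        if bgp_path.len > 64 then return false;
        return true;
}

# Per-peer import filters: accept only what rt_import_all() allows for that peer's AS.
filter bgp_in_cogent
{
        if ! rt_import_all(174) then reject;
        accept;
}

filter bgp_in_swiftco
{
        if ! rt_import_all(25700) then reject;
        accept;
}

# for outgoing BGP we do not want to announce anything but our own nets
filter bgp_out
{
        # NOTE(review): "proto" is the protocol the route was learned from, so
        # this branch matches routes received from swiftco, not routes being
        # sent to swiftco - confirm the prepend is applied where intended.
        if proto = "swiftco" then
        {
                bgp_path.prepend(ASN);
                bgp_path.prepend(ASN);
                bgp_path.prepend(ASN);
        }

        # only allow our networks that are statically configured to be announced
        if ! rt_export() then {
                reject;
        }
        accept;
}

# Announce nothing: every route is rejected.
filter bgp_allow_nothing_out
{
        reject;
}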