I think you have check for (0,3) ~ bgp_community when you piping towards as3 peer. This: export where bgp_out(2); Looks like to be for piping towards as2 peer. And this filter should pass such communities of course. On Mon, Apr 6, 2020 at 10:32 PM Fabiano D'Agostino <fabiano.dagostino96@gmail.com> wrote:
Thank you I was able to solve in this way: My testing network is made up of router server (as1), router2(as2), router3 (as3). The goal: as2's routes don't have to be announced to as3 route server conf: function bgp_out(int peerID) { if(0,peerID) ~ bgp_community then return false; return true; } protocol pipe as2 { import something; export where bgp_out(2); } protocol bgp { ipv4 {import/export all;}}
router2 config: protocol bgp { ipv4 { import all; export filter {bgp_community.add((0,3)); }; } }
With this configuration AS3 doesn't receive AS2's routes anymore. But I have a question, why the if condition is true? It should be if (0,2) ~ (is inside) [(0,3),..], isn't it?
Thanks,
Il giorno lun 6 apr 2020 alle ore 21:06 Alexander Zubkov <green@qrator.net> ha scritto:
You have to configure export filter with something like: bgp_community.add((x,y)); This is for community written as x:y on most hardware routers.
On Mon, Apr 6, 2020 at 8:57 PM Fabiano D'Agostino <fabiano.dagostino96@gmail.com> wrote:
Thanks for your helping, How do I set in my router (AS2) the community to the exported routes? I don't understand this.
Il giorno lun 6 apr 2020 alle ore 20:26 Alexander Zubkov <green@qrator.net> ha scritto:
OK. So you have some route x.x.x.x/y that you receive from AS2 by protocol bgp pb_0002_as2?
1) it is received via bgp pb_0002_as2 into table t_0002_as2 2) it is piped from table t_0002_as2 to master4 with filter f_export_to_master (missing in your config) 3) it is piped from table master4 to t_0005_as3 with filter where ixp_community_filter(3) (ixp_community_filter is also missing) 4) it is exported to bgp pb_0005_as3
At which point do you think it should be filtered and why? As I see, your routers (AS2) do not set any communities to the exported routes, so if you do not set them in any of those missing filters, then your check for the presence of the community will not fire.
On Mon, Apr 6, 2020 at 7:03 PM Fabiano D'Agostino <fabiano.dagostino96@gmail.com> wrote:
This is the bird.conf of the route server: https://pastebin.com/qwp6nBtz This is the bird.conf of one router: https://pastebin.com/trwgKG92
Why does AS3 still receive routes from AS2? What am I missing?
Thanks,
Il giorno lun 6 apr 2020 alle ore 18:13 Alexander Zubkov <green@qrator.net> ha scritto:
It is really hard to guess what routes you have actually in your bird's table and how your bird is configured.
> I just edited the bird.conf of the route server, should I also edit the bird.conf of the routers which are peering with the route server?
Filters on peers can affect only communities you are sending and other attributes, but they do not affect directly the logic of your route server's filters, there is no magic here.
On Mon, Apr 6, 2020 at 6:08 PM Fabiano D'Agostino <fabiano.dagostino96@gmail.com> wrote: > > Does 'show route where' exist as command? Because I have syntax error. > Anyway I set up my route server as here: > https://www.slideshare.net/apnic/bird-routing-daemon > But I am having the problem described here: > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html > > I just edited the bird.conf of the route server, should I also edit the bird.conf of the routers which are peering with the route server? > > Thanks, > > Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov <green@qrator.net> ha scritto: >> >> Have you tried to check that in cli like: >> show route where bgp_out(...) >> And check that required route has all needed communities: >> show route all x.x.x.x/y >> >> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino >> <fabiano.dagostino96@gmail.com> wrote: >> > >> > Hey, >> > thank you! I think I am having the same problem they had here: >> > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html >> > >> > But I didn't understand how they solved. >> > >> > Regards, >> > Fabiano >> > >> > Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus <bird@cybertinus.nl> ha scritto: >> >> >> >> Hello Fabiano, >> >> >> >> >> >> BGP Communities are basically tags you add to a prefix that is received from, or send to, a peer. And in Bird you can do whatever you want with these communities. A community by itself has no meaning and has no influence on the routing decision whatsoever. It is the meaning you add to it in your configuration what makes them work. >> >> >> >> More information about communities: https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities >> >> >> >> >> >> Kind regards, >> >> Cybertinus >> >> >> >> >> >> On 2020-04-06 17:03, Fabiano D'Agostino wrote: >> >> >> >> and how these kind of checks are handled? >> >> if (myas,peeras) ~ bgp_community what is bgp_community? >> >> >> >> Thanks, >> >> >> >> Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino <fabiano.dagostino96@gmail.com> ha scritto: >> >> >> >> Thank you, but "if the route does not come from BGP then false" >> >> here I have: >> >> protocol pipe a { >> >> table master; >> >> mode transparent; >> >> peer table a; >> >> import all; >> >> export where bgp_out(x); => this becomes false, what does this mean? >> >> #export all; >> >> } >> >> >> >> Thanks, >> >> >> >> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann <bena@spreadshirt.net> ha scritto: >> >> >> >> On 05.04.20 23:08, Fabiano D'Agostino wrote: >> >> > Good evening, >> >> > could someone explain me the meaning of these lines? >> >> > >> >> > function bgp_out(int peeras) >> >> > { >> >> > if ! (source = RTS_BGP ) then return false; >> >> > if peeras > 65535 then return true; ### communities do not support AS32 >> >> > if (0,peeras) ~ bgp_community then return false; >> >> > if (myas,peeras) ~ bgp_community then return true; >> >> > if (0, myas) ~ bgp_community then return false; >> >> > return true; >> >> > } >> >> > >> >> > Thanks, >> >> > >> >> > Fabiano >> >> > >> >> >> >> Morning, >> >> >> >> I can not cover the whole section but as a start... >> >> >> >> * if the route does not come from BGP then false (routing table source?) >> >> * if the remote AS Number is greater 65535 (16 Bit) then "just" return >> >> true (see AS 32 Bit Numbers, and the non-support of older >> >> devices/implementations) >> >> * For the next 3 I'm not 100% sure how to read but I found >> >> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-thei... >> >> >> >> ``` >> >> 0:XXXXX - Do not announce route to peer XXXXX >> >> 0:MyASN - Do not announce route to all peers >> >> MyASN:XXXXX - Announce route to peer XXXXX only >> >> MyASN:MyASN - Announce routes to all peers. This community is >> >> automatically added to all routes that are not >> >> tagged with any of MyASN:XXXXX communities. >> >> ``` >> >> >> >> Maybe this helps a little bit. >> >> >> >> Bernd