I think Maria means sharing the smallest possible configuration that still reproduces the problem. If the problem is a result of the filters, then keeping those in place to help debug. I'd also be happy to try and debug your configuration as a whole (I wrote https://github.com/neptune-networks/peering so I'm a bit familiar with what the generator is intended to do). If you do decide to share the full config, please don't post it in the contents of the email as it can get truncated and the line numbers will be mixed up. Perhaps a Gist or pastebin would help here. Regarding:
P.S I need to find a guide on how to do bird2 and RPKI as well.
I've written about this in https://brooks.sh/2019/11/11/validating-bgp-routes-with-rpki-in-bird/, which was in part the inspiration for the repository you're using to generate your BIRD configuration. Hope that helps. On Fri, Aug 14, 2020 at 3:44 PM Skyler Mäntysaari <sm@samip.fi> wrote:
I'm using version 2.0.7, running on Ubuntu 20.04.
Do you mean minimal config regarding the filters or the whole thing?
On Fri, Aug 14, 2020, at 02:15, Maria Matejka wrote:
I'm unable to reproduce the reported behavior. Could you please try to reduce your config to a minimum config that would reproduce this behavior? What version are you using?
Thanks, Maria
On 8/13/20 5:46 PM, Skyler Mäntysaari wrote:
Line 360 is the prefix_is_bogon if statement.
The bogon lists can be seen from:
https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.exam...
----------------------------------------------------------- if prefix_is_bogon() then reject "prefix is bogon - REJECTING ", net; ----------------------------------------------------------- function prefix_is_bogon() { if net.type = NET_IP4 then if net ~ BOGONS_4 then return true; if net.type = NET_IP6 then if net ~ BOGONS_6 then return true; return false; } -----------------------------------------------------------
P.S Please do not reply to me directly, but to the list.
On 13/08/2020 18.41, Maria Matějka wrote:
Hello! The error message tells you that you are passing something strange to the condition on line 360. What do you have on line 360? Maria
On August 13, 2020 4:46:12 PM GMT+02:00, "Skyler Mäntysaari" <sm@samip.fi> wrote:
Hi there,
I'm using the template from
https://github.com/neptune-networks/peering/blob/master/out/router.fqdn.exam...
for my filters, and I'm getting argument related errors in logs.
What's the issue with those filters?
P.S I need to find a guide on how to do bird2 and RPKI as well.
Logs:
2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
instruction
FI_CONDITION must be of type T_BOOL, got 0x00 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
instruction
FI_CONDITION must be of type T_BOOL, got 0x00 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
instruction
FI_CONDITION must be of type T_BOOL, got 0x00 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
instruction
FI_CONDITION must be of type T_BOOL, got 0x00 2020-08-13 17:37:47 <ERR> filters, line 360: Argument 1 of
instruction
FI_CONDITION must be of type T_BOOL, got 0x00 2020-08-13 17:37:47 <ERR> ...
Bird config, the filter functions:
# --- Filters (technically functions) --- function default_import() { if bgp_path.len > 32 then reject "AS_PATH len [", bgp_path.len ,"] longer than 32 -
REJECTING
", net;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
if is_own_prefix() then reject "prefix is our own - REJECTING ", net;
if is_own_internal_prefix() then { if !prefix_is_in_global_whitelist() then reject "prefix is our own and internal - REJECTING ", net; }
if prefix_is_bogon() then reject "prefix is bogon - REJECTING ", net;
if net.type = NET_IP4 then if !is_prefix_length_valid(8, 24) then reject "prefix len [", net.len, "] not in 8-24 - REJECTING
", net;
if net.type = NET_IP6 then if !is_prefix_length_valid(12, 56) then reject "prefix len [", net.len, "] not in 12-56 - REJECTING
", net;
#perform_rpki_validation();
if route_is_rpki_invalid() then reject "RPKI, route is INVALID - REJECTING ", net;
add_region_community(); add_site_community(); honor_graceful_shutdown();
accept; }
function peer_import() { scrub_communities_in(); add_peer_community(); default_import(); }
function peer_export() { strip_private_asns(); add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then { if !prefix_is_in_global_whitelist() then reject "prefix is our own and internal - NOT ANNOUNCING ",
net;
}
if net.type = NET_IP4 then if !is_prefix_length_valid(8, 24) then reject "prefix len [", net.len, "] not in 8-24 - REJECTING
", net;
if net.type = NET_IP6 then if !is_prefix_length_valid(12, 48) then reject "prefix len [", net.len, "] not in 12-48 - REJECTING
", net;
if prefix_is_bogon() then reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then reject "AS_PATH [", bgp_path ,"] contains invalid ASN -
REJECTING
", net;
if should_not_export_to_site() then reject "NO_EXPORT community in place for site - NOT
ANNOUNCING ", net;
if should_not_export_to_region() then reject "NO_EXPORT community in place for region - NOT
ANNOUNCING ",
net;
if should_not_export_to_peers() then reject "NO_EXPORT community in place for peers - NOT
ANNOUNCING ", net;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_customer() then accept;
reject; }
function upstream_import() { scrub_communities_in(); add_upstream_community(); default_import(); }
function upstream_export() { strip_private_asns(); add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then { if !prefix_is_in_global_whitelist() then reject "prefix is our own and internal - NOT ANNOUNCING ",
net;
}
if net.type = NET_IP4 then if !is_prefix_length_valid(8, 24) then reject "prefix len [", net.len, "] not in 8-24 - REJECTING
", net;
if net.type = NET_IP6 then if !is_prefix_length_valid(12, 48) then reject "prefix len [", net.len, "] not in 12-48 - REJECTING
", net;
if prefix_is_bogon() then reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then reject "AS_PATH [", bgp_path ,"] contains invalid ASN -
REJECTING
", net;
if should_not_export_to_site() then reject "NO_EXPORT community in place for site - NOT
ANNOUNCING ", net;
if should_not_export_to_region() then reject "NO_EXPORT community in place for region - NOT
ANNOUNCING ",
net;
if should_not_export_to_upstreams() then reject "NO_EXPORT community in place for upstreams - NOT
ANNOUNCING
", net;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_customer() then accept;
reject; }
function customer_import() { scrub_communities_in(); add_customer_community(); default_import(); }
function customer_export() { strip_private_asns(); add_global_prepends();
if is_own_prefix() then accept;
if route_is_rpki_invalid() then reject "RPKI, route is INVALID - NOT ANNOUNCING ", net;
if is_own_internal_prefix() then { if !prefix_is_in_global_whitelist() then reject "prefix is our own and internal - NOT ANNOUNCING ",
net;
}
if net.type = NET_IP4 then if !is_prefix_length_valid(8, 24) then reject "prefix len [", net.len, "] not in 8-24 - REJECTING
", net;
if net.type = NET_IP6 then if !is_prefix_length_valid(12, 48) then reject "prefix len [", net.len, "] not in 12-48 - REJECTING
", net;
if prefix_is_bogon() then reject "prefix is bogon - NOT ANNOUNCING ", net;
if as_path_contains_invalid_asn() then reject "AS_PATH [", bgp_path ,"] contains invalid ASN -
REJECTING
", net;
if should_not_export_to_site() then reject "NO_EXPORT community in place for site - NOT
ANNOUNCING ", net;
if should_not_export_to_region() then reject "NO_EXPORT community in place for region - NOT
ANNOUNCING ",
net;
if should_not_export_to_customers() then reject "NO_EXPORT community in place for customers - NOT
ANNOUNCING
", net;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
if was_learned_from_peer() then accept; if was_learned_from_private_peer() then accept; if was_learned_from_upstream() then accept; if was_learned_from_customer() then accept;
reject; }
function core_import() { if prefix_is_bogon() then reject;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
honor_graceful_shutdown(); accept; }
function core_export() { if prefix_is_bogon() then reject;
if prefix_is_in_global_blacklist() then reject "prefix is in global blacklist - REJECTING ", net;
if is_own_prefix() then accept; if is_own_internal_prefix() then accept; if was_learned_from_peer() then accept; if was_learned_from_private_peer() then accept; if was_learned_from_upstream() then accept; if was_learned_from_customer() then accept;
reject; }
-- This email has been checked for viruses by Avast antivirus software. https://www.avast.com/antivirus
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
------------------------------------------------------------------------ Avast logo < https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaig...
This email has been checked for viruses by Avast antivirus software. www.avast.com < https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaig...
<#DAB4FAD8-2DD7-40BB-A1B8-4E2AA1F9FDF2>