Hello,

We're using BIRD 1.6.4 as a Route Server.

Recently we implemented ROA prefix validation, but we have hit an issue with prefixes that are aggregated only.

What I mean: when the prefix is an aggregate and has something like 1234 { 10, 20 } in the AS_PATH as the last ASN, bgp_path.last returns zero (0). As a result, we are just discarding such prefixes.

Our approach is the following:

1) We're using static ROA tables with prefixes, for example:

roa table r1234 {
    roa 10.10.10.0/24 max 32 as 1234;
    roa 10.10.11.0/24 max 32 as 1234;
    roa 10.10.12.0/24 max 32 as 1234;
}


2) Then we create a different function for each member like this and apply it on each BGP protocol as the last function:

function AS1234_roa() {
    # Reject when a ROA covers the prefix but the origin ASN or length does not match.
    if roa_check(r1234, net, bgp_path.last) = ROA_INVALID then {
        print "ROA check failed: invalid prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
        return false;
    }

    # Reject when no ROA in the member's table covers the prefix.
    if roa_check(r1234, net, bgp_path.last) = ROA_UNKNOWN then {
        print "ROA check failed: unallowed prefix - ", net, " origin ASN ", bgp_path.last, " - AS-PATH", bgp_path, " via ", proto;
        return false;
    }

    return true;
}


Could some BIRD developer suggest a solution for this issue?

Thanks in advance!

Best~
--
---

Javor Kliachev

Senior Engineer IP Services

office:+359 2 974 33 11
mobile:+359 885 98 84 95
www.neterra.net
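
An added example, not part of the original message and not BIRD code: a small Python model of RFC 6811 origin validation, showing why a path ending in an AS_SET such as 1234 { 10, 20 } yields origin 0 and so is rejected by a filter like AS1234_roa above. The segment encoding, the function names and the 192.0.2.0/24 prefix are assumptions made for illustration; the ROA entries mirror the r1234 table in the post.

```python
import ipaddress

# Constructed ROA table mirroring r1234 from the post: (prefix, max length, ASN).
ROAS = [("10.10.10.0/24", 32, 1234),
        ("10.10.11.0/24", 32, 1234),
        ("10.10.12.0/24", 32, 1234)]

def origin_asn(as_path):
    """as_path is a list of segments: ("seq", [asns]) or ("set", {asns}).
    Returns the rightmost ASN of a trailing AS_SEQUENCE, or 0 when the path is
    empty or ends in an AS_SET (RFC 6811 origin 'NONE'), which is the value
    the post reports for bgp_path.last on aggregates."""
    if not as_path:
        return 0
    kind, asns = as_path[-1]
    if kind != "seq" or not asns:
        return 0
    return asns[-1]

def roa_check(roas, net, asn):
    """RFC 6811 outcome: VALID if a covering ROA matches ASN and max length,
    INVALID if ROAs cover the prefix but none matches, UNKNOWN if none covers."""
    net = ipaddress.ip_network(net)
    covered = False
    for prefix, maxlen, roa_asn in roas:
        roa_net = ipaddress.ip_network(prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True
        # Origin 0 (NONE) can never match a ROA, so aggregates never validate.
        if asn != 0 and asn == roa_asn and net.prefixlen <= maxlen:
            return "ROA_VALID"
    return "ROA_INVALID" if covered else "ROA_UNKNOWN"

def member_filter_accepts(roas, net, as_path):
    """Same decision as the post's filter: drop INVALID and UNKNOWN routes."""
    return roa_check(roas, net, origin_asn(as_path)) == "ROA_VALID"

# Constructed sample paths: a plain announcement and the aggregate from the post.
PLAIN = [("seq", [1234])]
AGGREGATE = [("seq", [1234]), ("set", {10, 20})]

if __name__ == "__main__":
    for label, path in (("plain", PLAIN), ("aggregate", AGGREGATE)):
        for net in ("10.10.10.0/24", "192.0.2.0/24"):
            print(label, net, origin_asn(path), roa_check(ROAS, net, origin_asn(path)))
```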