Hi Irene, looks like you're trying to put together a route server config? First thing that jumps out at me is you have "roa check" but it should be "roa_check". We have full working sample configs that are used in our continuous integration tests for IXP Manager - here's a v4 version which includes RPKI: https://github.com/inex/IXP-Manager/blob/master/data/travis-ci/known-good/ci... Loads of info on this on https://docs.ixpmanager.org/ and presentations with videos from 2019 at: https://www.ixpmanager.org/presentations Hope that helps, - Barry Irene Lalioti wrote on 25/09/2019 09:58:
Hello all,
Can you please let me know where is the syntax error in my snippet , or if it is wrong how else I should integrate it in a way bird doesn't complain? Thanks in advance!
#RPKI Check
filter bgp_in_AS1234 prefix set allnet; { include "/etc/bird/prefix-lists/AS2589-v4"; if (is_martian4()) then reject; if ! (net ~ allnet) then reject; rpki_result = roa check(r4, net, bgp_path.last_nonaggregated ); if ( rpki_result = ROA_INVALID ) then{ bgp_community.add((1234:1000:4)); reject; print "Invalid ROA ", net, " for ASN ", bgp_path.last_nonaggregated, "from AS1234" ; } if ( rpki_result = ROA_VALID ) then{ bgp_community.add((1234:1000:1)); accept; } if ( rpki_result = ROA_ UNKNOWN ) then{ bgp_community.add((1234:1000:2)); accept; print "Unknown RPKI ", net, "for ASN ", bgp_path.last_nonaggregated, "from AS1234 "; } }
-- Irene Lalioti Network Engineer Fondation RESTENA 2, avenue de l'Université L-4365 Esch/Alzette
Tel: +352 424409 1 Fax: +352 422473
-- Kind regards, Barry O'Donovan INEX Operations https://www.inex.ie/support/ +353 1 531 3339