Hello. i'm trying to configure bird for working with uplinks and downlinks with this example: https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering i'm using truncated function: function rt_export() { if proto = "static_bgp" then return true; if source != RTS_BGP then return false; return bgp_path.first ~ [ downlink1AS, downlink2AS ]; } But this incorrectly works - bird trying to export my full-view to uplink. Then, when i changed to if ( bgp_path.len = 2 ) && ( bgp_path.first = myAS ) then return bgp_path ~ [ downlink1AS, downlink2AS ]; ...it works. What i'm (or my bird) doing wrong? Or maybe this example is not correct?
On lun. 21 août 20:29:25 2017, nixx wrote:
Hello.
i'm trying to configure bird for working with uplinks and downlinks with this example: https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering
i'm using truncated function:
function rt_export() { if proto = "static_bgp" then return true; if source != RTS_BGP then return false; return bgp_path.first ~ [ downlink1AS, downlink2AS ]; }
But this incorrectly works - bird trying to export my full-view to uplink.
Then, when i changed to
if ( bgp_path.len = 2 ) && ( bgp_path.first = myAS ) then return bgp_path ~ [ downlink1AS, downlink2AS ];
...it works.
What i'm (or my bird) doing wrong? Or maybe this example is not correct?
Hi, When you export a route with BGP, the first ASN is yours, unless you act as a route-reflector or a route-server. But the first will never be any of your downstreams. On the above example, the first range originate from the organisation ASN and the next are transit customers : % birdc6 show route all export bgp_quantic BIRD 1.6.3 ready. 2a00:5884::/32 unreachable [static_grifon_allocations 2017-07-29] * (200) Type: static unicast univ BGP.origin: IGP BGP.as_path: 204092 BGP.next_hop: 2a06:e040:3501:101:2::2 BGP.local_pref: 100 2a06:e881:113::/48 via 2a00:5884:0:101::10 on em1.101 [bgp_guizmo34 2017-07-29] * (100) [AS205816i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 205816 BGP.next_hop: 2a06:e040:3501:101:2::2 BGP.med: 0 BGP.local_pref: 200 2001:678:3cc::/48 via 2a00:5884::25 on em1 [bgp_petrus 2017-07-29] * (100) [AS206155i] Type: BGP unicast univ BGP.origin: IGP BGP.as_path: 204092 206155 BGP.next_hop: 2a06:e040:3501:101:2::2 BGP.local_pref: 200 BGP.large_community: (206155, 200, 0) -- alarig
On Mon, Aug 21, 2017 at 08:29:25PM +0300, nixx wrote:
Hello.
function rt_export() { if proto = "static_bgp" then return true; if source != RTS_BGP then return false; return bgp_path.first ~ [ downlink1AS, downlink2AS ]; }
But this incorrectly works - bird trying to export my full-view to uplink.
Then, when i changed to
if ( bgp_path.len = 2 ) && ( bgp_path.first = myAS ) then return bgp_path ~ [ downlink1AS, downlink2AS ];
...it works.
What i'm (or my bird) doing wrong? Or maybe this example is not correct?
Hello You are right, the example is not correct. Counterintuitively, the local AS number is prepended first and after that the filter is applied. Therefore, as Alarig Le Lay mentioned, bgp_path.first is always the local AS number in EBGP export filter. We will change this in BIRD 2.0. But i am not sure why it is trying to export full-view to uplink, it should export none (unless one of downlinkAS is the same as myAS). You could try to use BGP path matching using BGP mask, like: return (bgp_path ~ [= myAS downlink1AS * =]) || (bgp_path ~ [= myAS downlink2AS * =]); -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
On Mon, Aug 21, 2017 at 08:29:25PM +0300, nixx wrote:
Hello.
function rt_export() { if proto = "static_bgp" then return true; if source != RTS_BGP then return false; return bgp_path.first ~ [ downlink1AS, downlink2AS ]; }
But this incorrectly works - bird trying to export my full-view to uplink.
Then, when i changed to
if ( bgp_path.len = 2 ) && ( bgp_path.first = myAS ) then return bgp_path ~ [ downlink1AS, downlink2AS ];
...it works.
What i'm (or my bird) doing wrong? Or maybe this example is not correct?
Hello You are right, the example is not correct. Counterintuitively, the local AS number is prepended first and after that the filter is applied. Therefore, as Alarig Le Lay mentioned, bgp_path.first is always the local AS number in EBGP export filter. We will change this in BIRD 2.0. But i am not sure why it is trying to export full-view to uplink, it should export none (unless one of downlinkAS is the same as myAS). You could try to use BGP path matching using BGP mask, like: return (bgp_path ~ [= myAS downlink1AS * =]) || (bgp_path ~ [= myAS downlink2AS * =]); -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
participants (3)
-
Alarig Le Lay -
nixx -
Ondrej Zajicek