How to filter VPN4 address using route-map
Hi Team, I would like to filter a VPN4 address using route-map. For example, I have the below VPN4 address learnt through BGP neighbor on "L2VPN EVPN" channel. Table vpntab4: 1:222 90.0.0.0/24 unicast [EVPN_4_4_4_4 2025-02-21] * (160) 1:100 60.0.0.0/24 unicast [BGP_4_4_4_4 17:45:37.617 from 4.4.4.4] * E (156/1) [AS400?] 4.4.4.4:222 70.0.0.0/24 unicast [BGP_4_4_4_4 17:45:37.617 from 4.4.4.4] * E (156/1) [AS400?] 1:111 151.1.1.0/24 unicast [EVPN_4_4_4_4 2025-02-21] * (160) I want to create a route-map to accept only 1:100 60.0.0.0/24 and reject all the rest. When I tried the below configuration in route-map, I got a syntax error on the below line. if(net ~ [1:100 60.0.0.0/24]) then { return 2;} Similarly, is there any way to filter the VPN4 address using its RD value ? Thanks, Ramanathan
Hi Ramanathan. We do not currently support such prefix set (your route map) filtering. But you can use the following approach instead: if net.rd = 1:100 && net ~ [ 60.0.0.0/24 ] then ... I hope this helps. Jana Jana Babovakova | BIRD Tech Support | CZ.NIC, z.s.p.o. On 23. 02. 25 3:55, Ramanathan Selvamani wrote:
Hi Team, I would like to filter a VPN4 address using route-map. For example, I have the below VPN4 address learnt through BGP neighbor on "L2VPN EVPN" channel.
Table vpntab4: 1:222 90.0.0.0/24 unicast [EVPN_4_4_4_4 2025-02-21] * (160) 1:100 60.0.0.0/24 unicast [BGP_4_4_4_4 17:45:37.617 from 4.4.4.4] * E (156/1) [AS400?] 4.4.4.4:222 70.0.0.0/24 unicast [BGP_4_4_4_4 17:45:37.617 from 4.4.4.4] * E (156/1) [AS400?] 1:111 151.1.1.0/24 unicast [EVPN_4_4_4_4 2025-02-21] * (160)
I want to create a route-map to accept only 1:100 60.0.0.0/24 and reject all the rest.
When I tried the below configuration in route-map, I got a syntax error on the below line.
if(net ~ [1:100 60.0.0.0/24]) then { return 2;}
Similarly, is there any way to filter the VPN4 address using its RD value ?
Thanks, Ramanathan
On Mon, Feb 24, 2025 at 11:31:41AM +0100, Jana Babovakova via Bird-users wrote:
Hi Ramanathan.
We do not currently support such prefix set (your route map) filtering. But you can use the following approach instead:
if net.rd = 1:100 && net ~ [ 60.0.0.0/24 ] then ...
Hi I must say i am surprised that net ~ [...] works, but seems like it does. We have operators to access separate elementary parts of VPN addresses: bird> eval (1:100 60.0.0.0/24).rd 1:100 bird> eval (1:100 60.0.0.0/24).ip 60.0.0.0 bird> eval (1:100 60.0.0.0/24).len 24 But nothing to access the prefix part as a whole. We generally distinguish nets of different types, but in ~ operator against a prefix set there is an implicit conversion from complex net to just a prefix, so we get these counterintuitive results: bird> eval (1:100 60.0.0.0/24) = 60.0.0.0/24 FALSE bird> eval (1:100 60.0.0.0/24) ~ [ 60.0.0.0/24 ] TRUE I think it is undocumented and untested behavior (at least i do not see it tested in filter/test.conf). We could add an appropriate test into filter/test.conf . And we could add some explicit accessor. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) "To err is human -- to blame it on a computer is even more so."
participants (3)
-
Jana Babovakova -
Ondrej Zajicek -
Ramanathan Selvamani