Hello, We are running a small IX for around 20 members. A few months ago we moved on Bird and actually I am trying to add some standard communities to prepend or stop annoucing own prefixes to other members but can’t find examples on Bird docs nor by Google. All I found looks limited only to adding fixed community only. I think it is standard and may both work on filters for main table or via pipe import/export filters. But still – I can’t discover how to get and process (to block export) or announce (with prepend) received community. Could you please direct me (or send) some examples how to do this? Thank you, Peter
Dear Peter, I strongly recommend to use a framework that generates your routeserver configuration. By leveraging an existing framework you pull in important features like prefix filtering and you leverage the work that others have done before you. I've had good success with arouteserver: http://arouteserver.readthedocs.io/en/latest/ Kind regards, Job On Thu, Dec 28, 2017 at 4:41 PM, Piotr Marciniak <zboj@mnc.pl> wrote:
Hello,
We are running a small IX for around 20 members. A few months ago we moved on Bird and actually I am trying to add some standard communities to prepend or stop annoucing own prefixes to other members but can’t find examples on Bird docs nor by Google. All I found looks limited only to adding fixed community only.
I think it is standard and may both work on filters for main table or via pipe import/export filters. But still – I can’t discover how to get and process (to block export) or announce (with prepend) received community.
Could you please direct me (or send) some examples how to do this?
Thank you,
Peter
On Thu, Dec 28, 2017 at 05:41:44PM +0100, Piotr Marciniak wrote:
Hello,
We are running a small IX for around 20 members. A few months ago we moved on Bird and actually I am trying to add some standard communities to prepend or stop annoucing own prefixes to other members but can’t find examples on Bird docs nor by Google. All I found looks limited only to adding fixed community only.
I think it is standard and may both work on filters for main table or via pipe import/export filters. But still – I can’t discover how to get and process (to block export) or announce (with prepend) received community.
Could you please direct me (or send) some examples how to do this?
Hello There are some examples in BIRD wiki, mainly: https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Thank you. I could not find it. Best wishes for 2018. Peter On Thu, Dec 28, 2017 at 05:41:44PM +0100, Piotr Marciniak wrote:
Hello,
We are running a small IX for around 20 members. A few months ago we moved on Bird and actually I am trying to add some standard communities to prepend or stop annoucing own prefixes to other members but can’t find examples on Bird docs nor by Google. All I found looks limited only to adding fixed community only.
I think it is standard and may both work on filters for main table or via pipe import/export filters. But still – I can’t discover how to get and process (to block export) or announce (with prepend) received community.
Could you please direct me (or send) some examples how to do this?
Hello There are some examples in BIRD wiki, mainly: https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello, I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below: bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535) The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn. Two questions: 1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers? Or maybe there is another work around? Best wishes, Peter -----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX There are some examples in BIRD wiki, mainly: https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello, Community is a 32bit number, represented as a pair of 2 16bit numbers. That is why you can not use big AS numbers in its components. But if your and your peer's equipment supports large communities - you can use them. They have 3 32bit components. On Mon, Jan 22, 2018 at 11:15 AM, Piotr Marciniak <zboj@mnc.pl> wrote:
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with _community_based_filtering_and_multiple_RIBs https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with _community_based_filtering_and_single_RIB
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello I'm using some dirty trick for this (It's example for some peer. Configs is generating automatically, so template is the same for all peers, changes only currentas variable) filter Peer_export int currentas; int myas; { currentas = 20000; myas = 50000; if (currentas = 123456) then { currentas = 65502; } if (currentas = 123457) then { currentas = 65504; } if (currentas = 123458) then { currentas = 65501; } if ( (1,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); } if ( (2,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ( (3,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if (0, currentas) ~ bgp_community then reject; if (currentas,myas) ~ bgp_community then accept; if (59712,5000) ~ bgp_community then accept; if (0, myas) ~ bgp_community then reject; } And my peers using 655xx AS in community for prefix control. I'm understanding that it's not the best and most elegant solution, but it works. 22.01.2018 15:15, Piotr Marciniak пишет:
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Thank you - I don't think we will need aliases for 4B ASn, but if we do - yest, it is nice example. Thank you again, Piotr Marciniak -----Oryginalna wiadomość----- From: Vasily Oleynikov Sent: Tuesday, January 23, 2018 10:36 AM To: Piotr Marciniak ; bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN Hello I'm using some dirty trick for this (It's example for some peer. Configs is generating automatically, so template is the same for all peers, changes only currentas variable) filter Peer_export int currentas; int myas; { currentas = 20000; myas = 50000; if (currentas = 123456) then { currentas = 65502; } if (currentas = 123457) then { currentas = 65504; } if (currentas = 123458) then { currentas = 65501; } if ( (1,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); } if ( (2,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ( (3,currentas) ~ bgp_community ) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if (0, currentas) ~ bgp_community then reject; if (currentas,myas) ~ bgp_community then accept; if (59712,5000) ~ bgp_community then accept; if (0, myas) ~ bgp_community then reject; } And my peers using 655xx AS in community for prefix control. I'm understanding that it's not the best and most elegant solution, but it works. 22.01.2018 15:15, Piotr Marciniak пишет:
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
participants (5)
-
Alexander Zubkov -
Job Snijders -
Ondrej Zajicek -
Piotr Marciniak -
Vasily Oleynikov