having trouble getting default to be added to route table, says filtered out
Hi, I did a quick look at the archives and didn't see exactly what I was trying discussed. I have some border machines running bird connected to junpiers that are bgp peering with our ISPS. I have the junipers set up such that they generate a default route and send it to the border machines. I want the border machines to put it in the system routing table and then pass that on to the inside systems. Everyone is speaking bgp, one AS for the outside and one for the inside. I am running 1.4.5 (centos 7 release) here are the parts of the config that are involved: filter load_default { if net = [0.0.0.0/0] then accept; else reject; } template bgp toedge { description "bgp to edge/ISP as"; local as 65401; direct; export filter outside_only; import filter load_default; allow local as; bfd on; source address 172.18.2.10; } protocol bgp edgeA from toedge { neighbor 172.18.2.1 as 65401; debug all; } protocol bgp edgeB from toedge { neighbor 172.18.2.2 as 65401; } here's the debug output: 2016-12-30 11:28:53 <INFO> Started 2016-12-30 11:28:53 <TRACE> edgeA: Started 2016-12-30 11:28:53 <TRACE> edgeA: Connect delayed by 5 seconds 2016-12-30 11:28:57 <TRACE> edgeA: Connecting to 172.18.2.1 from local address 172.18.2.10 2016-12-30 11:28:57 <TRACE> edgeA: Connected 2016-12-30 11:28:57 <TRACE> edgeA: Sending OPEN(ver=4,as=65401,hold=240,id=01020304) 2016-12-30 11:28:57 <TRACE> edgeA: Got OPEN(as=65401,hold=90,id=ac120001) 2016-12-30 11:28:57 <TRACE> edgeA: Sending KEEPALIVE 2016-12-30 11:28:57 <TRACE> edgeA: Got KEEPALIVE 2016-12-30 11:28:57 <TRACE> edgeA: BGP session established 2016-12-30 11:28:57 <TRACE> edgeA: Connected to table master 2016-12-30 11:28:57 <TRACE> edgeA: State changed to feed 2016-12-30 11:28:57 <TRACE> edgeA < added 198.48.100.20/32 dev lo 2016-12-30 11:28:57 <TRACE> edgeA < added 198.48.100.21/32 dev lo 2016-12-30 11:28:57 <TRACE> edgeA < added 8.25.217.22/32 dev lo 2016-12-30 11:28:57 <TRACE> edgeA: State changed to up 2016-12-30 11:28:57 <TRACE> edgeA: Sending UPDATE 2016-12-30 11:28:57 <TRACE> edgeA: Sending End-of-RIB 2016-12-30 11:28:57 <TRACE> edgeA < filtered out 10.200.32.0/28 via 10.200.0.3 on eth4 2016-12-30 11:28:57 <TRACE> edgeA < filtered out 10.200.0.1/32 via 10.200.0.3 on eth4 2016-12-30 11:28:57 <TRACE> edgeA < filtered out 10.200.16.1/32 via 10.200.0.3 on eth4 2016-12-30 11:28:57 <TRACE> edgeA: Got KEEPALIVE 2016-12-30 11:28:57 <TRACE> edgeA: Got UPDATE 2016-12-30 11:28:57 <TRACE> edgeA: Got End-of-RIB 2016-12-30 11:28:57 <TRACE> edgeA: Got UPDATE 2016-12-30 11:28:57 <TRACE> edgeA > filtered out 0.0.0.0/0 via 172.18.2.1 on eth1 2016-12-30 11:28:58 <TRACE> edgeA < filtered out 10.200.16.1/32 via 10.200.16.3 on eth5 As you can see (second line from the bottom of the debug), it got the default advertisement from the peer and bird says it filtered it out (the other filters are correct.) I set allow-local-as for the peer and have a filter that is supposed to match and accept exactly the route that says was filtered. what am I doing wrong? BTW, I am also having trouble with setting localpref in a filter. here's the config pieces: function is_primary() { return net = [198.48.100.10/32, 198.48.100.20/32]; } function is_secondary() { return net = [8.25.217.10/32, 8.25.217.21/32]; } function is_tertiary() { return net ~ [198.48.100.0/24+, 8.25.217.0/24+]; } filter outside_only { if is_primary() then bgp_local_pref=100; else if is_secondary() then bgp_local_pref=80; else if is_tertiary() then bgp_local_pref=60; if net_outside() then accept; else reject; } They all end up on the junipers with locappref of 60. How do I do this right? thanks in advance, jerry
On Fri, Dec 30, 2016 at 12:27:13PM -0800, Jerry Scharf wrote:
Hi,
I did a quick look at the archives and didn't see exactly what I was trying discussed.
filter load_default { if net = [0.0.0.0/0] then accept;
Hi Here is the mistake - you have to use either 'net = 0.0.0.0/0' or 'net ~ [0.0.0.0/0]'. In the first case the net is compared against the default net, in the second case a membership check is computed (whether the net is a member of a prefix set of the default net). Your check is always false because prefixes and a prefix sets are different types of objects.
function is_primary() { return net = [198.48.100.10/32, 198.48.100.20/32]; }
function is_secondary() { return net = [8.25.217.10/32, 8.25.217.21/32]; }
The same problem here.
function is_tertiary() { return net ~ [198.48.100.0/24+, 8.25.217.0/24+]; }
While this is correct. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Ondrej, Thank you so much for the fast response. That fixed all of it. Sorry for the noob mistake. jerry On 12/30/16 3:47 PM, Ondrej Zajicek wrote:
On Fri, Dec 30, 2016 at 12:27:13PM -0800, Jerry Scharf wrote:
Hi,
I did a quick look at the archives and didn't see exactly what I was trying discussed.
filter load_default { if net = [0.0.0.0/0] then accept; Hi
Here is the mistake - you have to use either 'net = 0.0.0.0/0' or 'net ~ [0.0.0.0/0]'. In the first case the net is compared against the default net, in the second case a membership check is computed (whether the net is a member of a prefix set of the default net).
Your check is always false because prefixes and a prefix sets are different types of objects.
function is_primary() { return net = [198.48.100.10/32, 198.48.100.20/32]; }
function is_secondary() { return net = [8.25.217.10/32, 8.25.217.21/32]; } The same problem here.
function is_tertiary() { return net ~ [198.48.100.0/24+, 8.25.217.0/24+]; } While this is correct.
-- Soundhound Devops "What could possibly go wrong?"
participants (2)
-
Jerry Scharf -
Ondrej Zajicek