Import/Export filter per peer...looking for suggestions
Hi all,

We have a few bird configurations we are attempting to throw into production, but there is one thing I cannot figure out entirely. We would like to offer our participants the option to exclude in/outbound to other participants at their choosing. I have a basic setup that filters based on the 'from' ip address of the interface, but this poses a problem. Since I am using a master table this method could potentially reject a network that could have been offered through a non-preferred route (unless that is not the case?). As is, the filter function simply looks like this:

    function bgp_out_ASXXXX(int peeras)
    {
        # only BGP-learned routes are candidates for export
        if ! (source = RTS_BGP) then return false;
        # community-based checks, evaluated in order; first match decides
        if (0,peeras) ~ bgp_community then return false;
        if (myas,peeras) ~ bgp_community then return true;
        if (0,myas) ~ bgp_community then return false;
        # per-peer exclusion keyed on the 'from' address (redacted in the post)
        if from = x.x.x.x then {
            return false;
        }
        return true;
    }

Any suggestions?

Thanks,
Stephen Holmes
Disregard, I came up with a working solution.

-Stephen

-----Original Message-----
From: owner-bird-users@atrey.karlin.mff.cuni.cz [mailto:owner-bird-users@atrey.karlin.mff.cuni.cz] On Behalf Of Stephen Holmes
Sent: Wednesday, January 19, 2011 6:42 PM
To: 'bird-users@bird.network.cz'
Subject: Import/Export filter per peer...looking for suggestions
FYI, I went with a per peer pipe solution with a per ASN table, rather than using the master table. If ASN A excludes out to B, do not build the pipe config for A->B; if A excludes in from B, do not build pipe B->A.

-Stephen

-----Original Message-----
From: Stephen Holmes
Sent: Thursday, January 20, 2011 1:19 PM
To: Stephen Holmes; 'bird-users@bird.network.cz'
Subject: RE: Import/Export filter per peer...looking for suggestions
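The difference between the two designs discussed above, as an added example that is not part of the original messages: a small Python model comparing a single master table (best path selected first, per-peer filter applied at export) with per-ASN tables fed by pipes that are omitted per the exclusion policy. Assumptions: the ASNs, prefixes and preferences are constructed sample data, best-path selection is reduced to highest local preference, a table exports only its selected best route per prefix, and each pipe carries only the source participant's own announcements.

```python
from itertools import permutations

# Constructed sample data (documentation ASNs and prefixes, not from the thread).
PEERS = [64501, 64502, 64503]
ROUTES = [  # (prefix, announcing peer ASN, local preference)
    ("192.0.2.0/24", 64501, 200),     # preferred path
    ("192.0.2.0/24", 64502, 100),     # non-preferred path to the same prefix
    ("198.51.100.0/24", 64502, 100),
]
EXCLUDE_OUT = {}                      # {A: {B}} means A excludes out to B
EXCLUDE_IN = {64503: {64501}}         # {A: {B}} means A excludes in from B

def blocked(src, dst):
    """True if policy forbids routes announced by src from reaching dst."""
    return dst in EXCLUDE_OUT.get(src, set()) or src in EXCLUDE_IN.get(dst, set())

def select_best(routes):
    """Highest local preference wins per prefix (stand-in for BGP selection)."""
    best = {}
    for prefix, peer, pref in routes:
        if prefix not in best or pref > best[prefix][1]:
            best[prefix] = (peer, pref)
    return {prefix: peer for prefix, (peer, _) in best.items()}

def master_table_view(dst):
    """One shared table: best path is chosen first, the export filter runs second."""
    view = {}
    for prefix, src in select_best(ROUTES).items():
        if src != dst and not blocked(src, dst):
            view[prefix] = src        # a rejected best path leaves no fallback
    return view

def build_pipes():
    """Directed pipes between per-ASN tables, skipping every excluded pair."""
    return [(a, b) for a, b in permutations(PEERS, 2) if not blocked(a, b)]

def per_asn_view(dst):
    """Per-ASN table: only piped-in routes compete, so selection follows policy."""
    sources = {a for a, b in build_pipes() if b == dst}
    return select_best([r for r in ROUTES if r[1] in sources])

if __name__ == "__main__":
    print("pipes:", build_pipes())
    print("master table ->", master_table_view(64503))
    print("per-ASN table ->", per_asn_view(64503))
```

In this model AS64503 loses 192.0.2.0/24 entirely under the master-table design, while the per-ASN table still receives it over the non-preferred path via AS64502.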
on 24.01.2011 21:49 Stephen Holmes wrote:
> I went with a per peer pipe solution with a per ASN table, rather than using the master table. If asn A excludes out to B, do not build the pipe config for A->B, if A excludes in from B do not build pipe B->A.
Isn't that a very coarse approach? I can imagine situations where A only wants to exclude some networks out to B. How do you manage that?

Some of us go with a community tagging approach which works quite nicely if your peer (and you) are old-fashioned 16-bit AS networks.

Best regards, Arnold
--
Arnold Nipper / nIPper consulting, Sandhausen, Germany
email: arnold@nipper.de
phone: +49 6224 9259 299
mobile: +49 152 53717690
fax: +49 6224 9259 333
participants (2)
- Arnold Nipper
- Stephen Holmes