hi,
My system is Ubuntu 13.04, kernel version is 3.8.0-21-generic, bird version is 1.4.4.
Device configuration is as follows:
1. about function
function rt_import (int asn; int set peer_asns; prefix set peer_nets)
{
    if (net ~ peer_nets) then return false!;
}
2. about filter
filter bgp_upstream
{
    if rt_import (64609, [64609], [192.168.1.0/24]) then reject;
}
In the above function, I use net ~ peer_nets to filter out peer_nets route, but in filter medium, peer_nets defined as 192.168.1.0/24, which would lead to such a fine route 192.168.1.1 will be filtered out. If the test using the "-" operator, will lead filter to filter out all the routes. Why?
In the above example, how can I use "operators" to achieve peer_nets defined as 192.168.1.0/24, 192.168.1.1 subnet address to ensure it will not be filtered out.
Thank you very much for nothing always help, thanks.

> hi,
Hello.
> My system is Ubuntu 13.04, kernel version is 3.8.0-21-generic, bird version is 1.4.4.
> Device configuration is as follows:
> 1. about function
> function rt_import (int asn; int set peer_asns; prefix set peer_nets)
> {
>     if (net ~ peer_nets) then return false!;
> }
> 2. about filter
> filter bgp_upstream
> {
>     if rt_import (64609, [64609], [192.168.1.0/24]) then reject;
> }
> In the above function, I use net ~ peer_nets to filter out peer_nets route, but in filter medium, peer_nets defined as 192.168.1.0/24, which would lead to such a fine route 192.168.1.1 will be filtered out. If the test using the "-" operator, will lead filter to filter out all the routes. Why?
192.168.1.1/32 should not be filtered with !(net ~ peer_nets) when peer_nets = [ 192.168.1.0/24 ], as this specifies a set of prefixes with one prefix, 192.168.1.0/24. 192.168.1.1/32 is another prefix (network address + prefix length, not just an IP address) and net ~ [ 192.168.1.0/24 ] gives false (i.e. prefix 192.168.1.1/32 is not in the prefix set peer_nets). The "-" operator is undefined when subtracting peer_nets (prefix set type) from net (prefix type), and a filter error should probably be logged.
> In the above example, how can I use "operators" to achieve peer_nets defined as 192.168.1.0/24, 192.168.1.1 subnet address to ensure it will not be filtered out.
[192.168.1.0/24] and 192.168.1.0/24 are not the same. [192.168.1.0/24] is a prefix set (set of IP prefixes), and 192.168.1.0/24 is just an IP prefix. "~" could be used on both, but with different meaning. net ~ [192.168.1.0/24] matches net against the set of prefixes. net ~ 192.168.1.0/24 matches if net is a subnet of 192.168.1.0/24. net.ip ~ 192.168.1.0/24 or 192.168.1.1 ~ 192.168.1.0/24 matches an IP to the prefix. So if peer_nets is declared as prefix in rt_import() (not prefix set, as in your rt_import()), the statement net ~ peer_nets would match and the prefix is filtered if peer_nets is specified as 192.168.1.0/24 on the rt_import() call. Furthermore, as I said previously, net ~ [192.168.1.0/24] shall not filter 192.168.1.1/32, but net ~ [192.168.1.0/24+] will do that (see the filter section of BIRD's documentation for details on sets of prefixes and how they could be written).
> Thank you very much for nothing always help, thanks.
-- SP5474-RIPE Sergey Popovich
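
Added example, not part of the thread and not BIRD code: a small Python model of the three "~" matches described in the reply above, run over constructed sample routes. The function names are hypothetical, and treating "subnet of" as also matching the identical prefix is an assumption of this model.

```python
import ipaddress

def net_in_prefix(net, prefix):
    """Model of: net ~ 192.168.1.0/24 (net is that prefix or a subnet of it)."""
    n, p = ipaddress.ip_network(net), ipaddress.ip_network(prefix)
    return n.version == p.version and n.subnet_of(p)

def net_in_set(net, patterns):
    """Model of: net ~ [ ... ] (match against each entry of a prefix set)."""
    n = ipaddress.ip_network(net)
    for text in patterns:
        base = ipaddress.ip_network(text.rstrip("+"))
        # A bare entry matches only its own length; "prefix+" also
        # matches every longer prefix inside it.
        longest = base.max_prefixlen if text.endswith("+") else base.prefixlen
        if (n.version == base.version and n.subnet_of(base)
                and base.prefixlen <= n.prefixlen <= longest):
            return True
    return False

def ip_in_prefix(ip, prefix):
    """Model of: net.ip ~ 192.168.1.0/24 (a bare address against a prefix)."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(prefix)

# Constructed sample routes, chosen to separate the three behaviours.
ROUTES = ["192.168.1.0/24", "192.168.1.1/32", "192.168.1.128/25",
          "192.168.0.0/16", "10.0.0.0/8"]

def compare(routes, prefix="192.168.1.0/24"):
    """Per route: (net ~ prefix, net ~ [prefix], net ~ [prefix+])."""
    return {r: (net_in_prefix(r, prefix),
                net_in_set(r, [prefix]),
                net_in_set(r, [prefix + "+"])) for r in routes}

if __name__ == "__main__":
    print(f"{'route':<18} ~prefix  ~[prefix]  ~[prefix+]")
    for route, (a, b, c) in compare(ROUTES).items():
        print(f"{route:<18} {a!s:<8} {b!s:<10} {c!s}")
```

Only the exact /24 matches the bare set entry, which is why a reject rule written with [192.168.1.0/24] lets more specific routes such as 192.168.1.1/32 through.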
participants (2): Sergey Popovich, 曾小小