How the prefix sets are implemented?
Hi, To filter the routes that my router gets in my BGP session, I implemented a filter like this: filter ebgp_in prefix set IMPORT_BLACKLIST; { IMPORT_BLACKLIST = [ 0.0.0.0/8+, 10.0.0.0/8+, 14.0.0.0/8+, 24.0.0.0/8+, 39.0.0.0/8+, 127.0.0.0/8+, 128.0.0.0/16+, 169.254.0.0/16+, 172.16.0.0/12+, 191.255.0.0/16+, 192.0.0.0/24+, 192.0.2.0/24+, 192.88.99.0/24+, # Disabled only in the testing environment #192.168.0.0/16+, 198.18.0.0/15+, 223.255.255.0/24+, 224.0.0.0/4+, 240.0.0.0/4+ ]; if net ~ IMPORT_BLACKLIST then { printn "Discarding received route to "; print net; reject; } accept; } filter ebgp_out { if source = RTS_STATIC then { bgp_med = BGP_MED; accept; } reject; } protocol bgp eBGP { description "eBGP"; local as 65000; source address 192.168.101.1; neighbor 192.168.100.1 as 65111; multihop 2; default bgp_local_pref 200; export filter ebgp_out; import filter ebgp_in; } As you can see, I use the variable "prefix set IMPORT_BLACKLIST" to store a blacklist. My doubt is about the implementation of the type "set". Which data structure is used in the implementation of the "set" type (linked list, tree, hash ...)? Thanks -- Thiago Henrique www.adminlinux.com.br
On 25.2.2013 15:00, 3.listas@adminlinux.com.br wrote:
Hi,
As you can see, I use the variable "prefix set IMPORT_BLACKLIST" to store a blacklist. My doubt is about the implementation of the type "set". Which data structure is used in the implementation of the "set" type (linked list, tree, hash ...)?
It is pretty efficient: http://bird.network.cz/?get_doc&f=prog-4.html#ss4.2 Ondrej
Thanks
On Monday 25 February 2013 11:00:34 3.listas@adminlinux.com.br wrote:
Hi,
To filter the routes that my router gets in my BGP session, I implemented a filter like this: filter ebgp_in prefix set IMPORT_BLACKLIST; { IMPORT_BLACKLIST = [ 0.0.0.0/8+, 10.0.0.0/8+, 14.0.0.0/8+, 24.0.0.0/8+, 39.0.0.0/8+, 127.0.0.0/8+, 128.0.0.0/16+,
you are aware of: https://labs.ripe.net/Members/mirjam/an-update-on-de-bogonising-128.0.0.0-16 ? thanks kind regards Thilo
169.254.0.0/16+, 172.16.0.0/12+, 191.255.0.0/16+, 192.0.0.0/24+, 192.0.2.0/24+, 192.88.99.0/24+, # Disabled only in the testing environment #192.168.0.0/16+, 198.18.0.0/15+, 223.255.255.0/24+, 224.0.0.0/4+, 240.0.0.0/4+ ]; if net ~ IMPORT_BLACKLIST then { printn "Discarding received route to "; print net; reject; } accept; } filter ebgp_out { if source = RTS_STATIC then { bgp_med = BGP_MED; accept; } reject; } protocol bgp eBGP { description "eBGP"; local as 65000; source address 192.168.101.1; neighbor 192.168.100.1 as 65111; multihop 2; default bgp_local_pref 200; export filter ebgp_out; import filter ebgp_in; }
As you can see, I use the variable "prefix set IMPORT_BLACKLIST" to store a blacklist. My doubt is about the implementation of the type "set". Which data structure is used in the implementation of the "set" type (linked list, tree, hash ...)?
Thanks
On 25.2.2013 21:45, Thilo Bangert wrote:
On Monday 25 February 2013 11:00:34 3.listas@adminlinux.com.br wrote:
Hi,
To filter the routes that my router gets in my BGP session, I implemented a filter like this: filter ebgp_in prefix set IMPORT_BLACKLIST; { IMPORT_BLACKLIST = [ 0.0.0.0/8+, 10.0.0.0/8+, 14.0.0.0/8+, 24.0.0.0/8+, 39.0.0.0/8+, 127.0.0.0/8+, 128.0.0.0/16+,
you are aware of: https://labs.ripe.net/Members/mirjam/an-update-on-de-bogonising-128.0.0.0-16 ?
Good point. BTW this is a good list of martians: martians = [ 169.254.0.0/16+, 172.16.0.0/12+, 192.168.0.0/16+, 10.0.0.0/8+, 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7} ]; Ondrej
thanks
kind regards Thilo
169.254.0.0/16+, 172.16.0.0/12+, 191.255.0.0/16+, 192.0.0.0/24+, 192.0.2.0/24+, 192.88.99.0/24+, # Disabled only in the testing environment #192.168.0.0/16+, 198.18.0.0/15+, 223.255.255.0/24+, 224.0.0.0/4+, 240.0.0.0/4+ ]; if net ~ IMPORT_BLACKLIST then { printn "Discarding received route to "; print net; reject; } accept; } filter ebgp_out { if source = RTS_STATIC then { bgp_med = BGP_MED; accept; } reject; } protocol bgp eBGP { description "eBGP"; local as 65000; source address 192.168.101.1; neighbor 192.168.100.1 as 65111; multihop 2; default bgp_local_pref 200; export filter ebgp_out; import filter ebgp_in; }
As you can see, I use the variable "prefix set IMPORT_BLACKLIST" to store a blacklist. My doubt is about the implementation of the type "set". Which data structure is used in the implementation of the "set" type (linked list, tree, hash ...)?
Thanks
participants (3)
-
3.listasï¼ adminlinux.com.br -
Ondrej Filip -
Thilo Bangert