Re: Community for small IX - problem with 4B ASN
Dear Advisors ;], Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples: https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... Is there any way to enable 4B communities in bird.conf? I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082. This is why I put 2 questions: 1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers? Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely? Best wishes, Piotr Marciniak -----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN Hi Piotr, I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”. Regards, Pawel -----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN Hello, I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below: bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535) The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn. Two questions: 1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers? Or maybe there is another work around? Best wishes, Peter -----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX There are some examples in BIRD wiki, mainly: https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs... https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs... -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so." This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
1. Yes. 2. I don't recommend it. To see the communities supported by the SIX route servers, refer to: https://www.seattleix.net/route-servers#communities Below is how we do it with bird 1.6.3. Not sure about 2.0+. I hope this helps and feedback from the community is welcome. Chris --- define myas = SET TO IXP ASN; define peerPrepend1 = 65001; define peerPrepend2 = 65002; define peerPrepend3 = 65003; # BGP output filter (based on communities) # Returning false means don't propagate route to peeras. # Returning true means do propagate route to peeras. function bgp_out_comm(int peeras) { if ! (source = RTS_BGP ) then return false; if (myas,0,peeras) ~ bgp_large_community then return false; if (myas,1,peeras) ~ bgp_large_community then return true; if (myas,0,0) ~ bgp_large_community then return false; if peeras > 65535 then { if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } return true; } function bgp_out(int peeras) { if !bgp_out_comm(peeras) then return false; # Prepends if peeras > 65535 then { if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } else { if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } # Remove IXP related communities bgp_community.delete([(0,*)]); bgp_community.delete([(myas,*)]); bgp_community.delete([(peerPrepend1,*)]); bgp_community.delete([(peerPrepend2,*)]); bgp_community.delete([(peerPrepend3,*)]); bgp_ext_community.delete([(ro,0,*)]); bgp_ext_community.delete([(ro,myas,*)]); bgp_ext_community.delete([(ro,peerPrepend1,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_large_community.delete([(myas,*,*)]); return true; } On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards, Pawel
-----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs... https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
Hello Chris, Thank you for your config. Looks much better. Still I have know error... bird> conf check Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535) ...but not in main section of filter. It is only here now: # Remove IXP related communities #(...) bgp_community.delete([(myas,*)]); Only this one line. Once commented - no errors in filter reported. Is there any fix for it? Rgrds, Peter -----Oryginalna wiadomość----- From: Chris Caputo Sent: Monday, January 22, 2018 2:25 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
1. Yes. 2. I don't recommend it. To see the communities supported by the SIX route servers, refer to: https://www.seattleix.net/route-servers#communities Below is how we do it with bird 1.6.3. Not sure about 2.0+. I hope this helps and feedback from the community is welcome. Chris --- define myas = SET TO IXP ASN; define peerPrepend1 = 65001; define peerPrepend2 = 65002; define peerPrepend3 = 65003; # BGP output filter (based on communities) # Returning false means don't propagate route to peeras. # Returning true means do propagate route to peeras. function bgp_out_comm(int peeras) { if ! (source = RTS_BGP ) then return false; if (myas,0,peeras) ~ bgp_large_community then return false; if (myas,1,peeras) ~ bgp_large_community then return true; if (myas,0,0) ~ bgp_large_community then return false; if peeras > 65535 then { if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } return true; } function bgp_out(int peeras) { if !bgp_out_comm(peeras) then return false; # Prepends if peeras > 65535 then { if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } else { if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } # Remove IXP related communities bgp_community.delete([(0,*)]); bgp_community.delete([(myas,*)]); bgp_community.delete([(peerPrepend1,*)]); bgp_community.delete([(peerPrepend2,*)]); bgp_community.delete([(peerPrepend3,*)]); bgp_ext_community.delete([(ro,0,*)]); bgp_ext_community.delete([(ro,myas,*)]); bgp_ext_community.delete([(ro,peerPrepend1,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_large_community.delete([(myas,*,*)]); return true; } On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards, Pawel
-----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
What is myas set to? Chris On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Hello Chris,
Thank you for your config. Looks much better. Still I have know error...
bird> conf check Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535)
...but not in main section of filter. It is only here now:
#Remove IXP related communities #(...) bgp_community.delete([(myas,*)]);
Only this one line. Once commented - no errors in filter reported. Is there any fix for it?
Rgrds,
Peter
-----Oryginalna wiadomość----- From: Chris Caputo Sent: Monday, January 22, 2018 2:25 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
1. Yes.
2. I don't recommend it.
To see the communities supported by the SIX route servers, refer to:
https://www.seattleix.net/route-servers#communities
Below is how we do it with bird 1.6.3. Not sure about 2.0+.
I hope this helps and feedback from the community is welcome.
Chris
---
define myas = SET TO IXP ASN; define peerPrepend1 = 65001; define peerPrepend2 = 65002; define peerPrepend3 = 65003;
# BGP output filter (based on communities) # Returning false means don't propagate route to peeras. # Returning true means do propagate route to peeras. function bgp_out_comm(int peeras) { if ! (source = RTS_BGP ) then return false;
if (myas,0,peeras) ~ bgp_large_community then return false; if (myas,1,peeras) ~ bgp_large_community then return true; if (myas,0,0) ~ bgp_large_community then return false;
if peeras > 65535 then { if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } return true; }
function bgp_out(int peeras) { if !bgp_out_comm(peeras) then return false;
# Prepends if peeras > 65535 then { if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } else { if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } }
# Remove IXP related communities bgp_community.delete([(0,*)]); bgp_community.delete([(myas,*)]); bgp_community.delete([(peerPrepend1,*)]); bgp_community.delete([(peerPrepend2,*)]); bgp_community.delete([(peerPrepend3,*)]); bgp_ext_community.delete([(ro,0,*)]); bgp_ext_community.delete([(ro,myas,*)]); bgp_ext_community.delete([(ro,peerPrepend1,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_large_community.delete([(myas,*,*)]);
return true; }
On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards, Pawel
-----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
I see AS205082 is yours. You'll need a 16-bit ASN in order to use the communities described below. Chris On Mon, 22 Jan 2018, Chris Caputo wrote:
What is myas set to?
Chris
On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Hello Chris,
Thank you for your config. Looks much better. Still I have know error...
bird> conf check Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535)
...but not in main section of filter. It is only here now:
#Remove IXP related communities #(...) bgp_community.delete([(myas,*)]);
Only this one line. Once commented - no errors in filter reported. Is there any fix for it?
Rgrds,
Peter
-----Oryginalna wiadomość----- From: Chris Caputo Sent: Monday, January 22, 2018 2:25 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
1. Yes.
2. I don't recommend it.
To see the communities supported by the SIX route servers, refer to:
https://www.seattleix.net/route-servers#communities
Below is how we do it with bird 1.6.3. Not sure about 2.0+.
I hope this helps and feedback from the community is welcome.
Chris
---
define myas = SET TO IXP ASN; define peerPrepend1 = 65001; define peerPrepend2 = 65002; define peerPrepend3 = 65003;
# BGP output filter (based on communities) # Returning false means don't propagate route to peeras. # Returning true means do propagate route to peeras. function bgp_out_comm(int peeras) { if ! (source = RTS_BGP ) then return false;
if (myas,0,peeras) ~ bgp_large_community then return false; if (myas,1,peeras) ~ bgp_large_community then return true; if (myas,0,0) ~ bgp_large_community then return false;
if peeras > 65535 then { if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } return true; }
function bgp_out(int peeras) { if !bgp_out_comm(peeras) then return false;
# Prepends if peeras > 65535 then { if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } } else { if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); } if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) then { bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); bgp_path.prepend(bgp_path.first); } }
# Remove IXP related communities bgp_community.delete([(0,*)]); bgp_community.delete([(myas,*)]); bgp_community.delete([(peerPrepend1,*)]); bgp_community.delete([(peerPrepend2,*)]); bgp_community.delete([(peerPrepend3,*)]); bgp_ext_community.delete([(ro,0,*)]); bgp_ext_community.delete([(ro,myas,*)]); bgp_ext_community.delete([(ro,peerPrepend1,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_ext_community.delete([(ro,peerPrepend2,*)]); bgp_large_community.delete([(myas,*,*)]);
return true; }
On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards, Pawel
-----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs...
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
On Mon, Jan 22, 2018 at 2:00 PM, Piotr Marciniak <zboj@mnc.pl> wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with _community_based_filtering_and_multiple_RIBs https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with _community_based_filtering_and_single_RIB
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers?
This is not bird thing. You can not use 4B AS numbers with "old" communities. http://bird.network.cz/?get_doc&v=16&f=bird-5.html#ss5.2 pair This is a pair of two short integers. Each component can have values from 0 to 65535. Literals of this type are written as (1234,5678). The same syntax can also be used to construct a pair from two arbitrary integer expressions (for example (1+2,a)). But there is newer version of communities called large communities: lc This is a specialized type used to represent BGP large community values. It is essentially a triplet of 32bit values, where the first value is reserved for the AS number of the issuer, while meaning of remaining parts is defined by the issuer. Literals of this type are written as (123, 456, 789), with any integer values. Similarly to pairs, LCs can be constructed using expressions for its parts, (e.g. (myas, 10+20, 3*10), where myas is an integer variable). http://largebgpcommunities.net/ Those can be used with 4B AS numbers, but not every router supports them.
2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
You can use whatever numbers you want. AS numbers are used there for clarity and interoperability. But it is rare needed to share communities between operators.
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
So if you know the difference between 16 and 32 bits, than why you surprised that you can not put 32-bit number into 16-bit entity? :)
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski Sent: Monday, January 22, 2018 1:12 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is too small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards, Pawel
-----Wiadomość oryginalna----- Od: Bird-users <bird-users-bounces@network.cz> w imieniu użytkownika Piotr Marciniak <zboj@mnc.pl> Data: poniedziałek, 22 stycznia 2018 11:15 Do: "bird-users@network.cz" <bird-users@network.cz> Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we use. Bird reports an error 'when 'myas' is 4B => so above 65535. See some testing example below:
bird> configure Reading configuration from /etc/bird/bird.conf /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn - fe. 65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Piotr Marciniak Sent: Friday, December 29, 2017 5:01 PM To: Ondrej Zajicek Cc: bird-users@network.cz Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https- 3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver- 5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fmultiple-5FRI Bs&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r= 5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWo H5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=2UgZOD_ Fkqt6ZgVqlXm_vXRiY1LP_MTlkWo-TGVqAtE&e= https://urldefense.proofpoint.com/v2/url?u=https- 3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver- 5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fsingle-5FRIB& d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q0 1PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Y y&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=KjVYea-iJR Nl8BxFQFgkEeHLWFK8qwenAm_GRJDH4Q4&e=
-- Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies in the territory from where this email has been sent. This email, and any files transmitted with it, contains information which is confidential, is solely for the use of the intended recipient and may be legally privileged. If you have received this email in error, please notify the sender and delete this email immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 HA Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
Please - do not explain me theoretical difference between 16 and 32 bits. Question is simple - can I use 4B communities for filters? If not - what 16bit "fake ASn" I can use instead safely?
So if you know the difference between 16 and 32 bits, than why you surprised that you can not put 32-bit number into 16-bit entity? :)
Hello Alexander, Thank you for your answer. I am not trying to put 32 bitts in 16 bits. ;-] I asked if it is possible to eable 32-bit communities on Bird and how to do that? Of course I may try as in example private 65250 (or any other) but before going that way – I was just curious if I may use our own AS205082 to avoid possible confusion of our peers. If I am right – I need “fake 16-bits ASn” to stay safe and... compatible. ;] Thank you all for support. Best wishes, Peter
On Mon, Jan 22, 2018 at 02:00:27PM +0100, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working with 4B communities and if I may do this - whether it will be accepted for our peers? In short - I do not know how to adapt to 4B communities following examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based... https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from Bird with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work with other rouers? 2. Can we use instead private ASn just for community filters? Are they processed corretly by other Internet routers of our peers?
Well, that depends on exact meaning of 'communities'. There are three different independent community attributes: - 'traditional' communities (RFC 1997) - Extended communities (RFC 4360) - Large communities (RFC 8092) Attribute bgp_community is for traditional communities, which are limited to 16 bit components. So you cannot use 32bit ASNs with them. Also, even if you used 16bit private ASN as myas, you cannot use them for 32bit peeras. You can use Extended communities (and that is usual setting in IXes), but they can have one component 32 bit, but not both. So if you have 16bit myas, you could have 32bit peeras. Or you can use new Large communities, which are fully 32bit, and ditch both traditional and Extended communities. But this is pretty new standard and i am not sure how widely is supported by other systems. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hello, On 01/22/2018 04:16 PM, Ondrej Zajicek wrote:
Or you can use new Large communities, which are fully 32bit, and ditch both traditional and Extended communities. But this is pretty new standard and i am not sure how widely is supported by other systems.
Not yet, and if they're supported, then in very, very recent software code - which network operator usualy aren't running in their production networks/routers... DECIX, for example implements all approaches on their route-servers - so you have option to use standard+extended communities (extended for 32b ASN) or large communities providing similar functionality. Generally I think it's good idea to implement also support for large communities on newly-built routeservers. With regards, Daniel
Hello Ondrej, I am seeking for a way to make our small local IXP project to be a bit more flexible and safe. I think we could do with implementation of communities which would allow our peers to prepend or block their prefixes from annoncing to specific peer or all peers. Goal is simple. Peer A should be able to send to us community to prepend or block announcing his prefixes to chosen by ASn Peer B or all peers. Which community standard I would like to use? Most supported on typical, (mosttly) local ISP BGP routers - from Mikrotik by Cisco to Bird. I do not think it is extraordinary wish. ;-] Rather typical for most IXP of any size. In our scenario we rather do not need to forward communities. Just to collect info from Peer A what to do with his prefixes before announcing it to others. I think the only problem I am facing now is that I can't use in known config examples our AS205082. But here we face another problem if I understand correcttly - what to do if not only our community is 4B? I may "shrink our" to any 16-bit equivalent like 65250 I use in my examples. But stil if I have a peer with AS123456 - how to accept his 4B AS in communities received from our peers? Fe. old Cisco can connect to 4B ASn but can't work on 4B communities I think. So it can't send me request - do not announce us to AS123456. But I think second problem is not very important for me. If someone cannot send 4B community so.. it is a pitty for him. My problem is to let people know what we can accept and process if they wish and can send us their preferences. Thus - I need to work with 4B communities in most common way possible. So yes - I would be happy to find an example which would work with 4B extended communities both - for myas and peeras sides. If I am right with SIXT example - bgp_ext_community are supported for peeras? If yes - the only problem is myas which still can't be 4B. But I may replace it with fake-16bit-pseudo-myas ;-]. All should be working then? Best wishes, Peter -----Oryginalna wiadomość----- From: Ondrej Zajicek Sent: Monday, January 22, 2018 4:16 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN Well, that depends on exact meaning of 'communities'. There are three different independent community attributes: - 'traditional' communities (RFC 1997) - Extended communities (RFC 4360) - Large communities (RFC 8092) Attribute bgp_community is for traditional communities, which are limited to 16 bit components. So you cannot use 32bit ASNs with them. Also, even if you used 16bit private ASN as myas, you cannot use them for 32bit peeras. You can use Extended communities (and that is usual setting in IXes), but they can have one component 32 bit, but not both. So if you have 16bit myas, you could have 32bit peeras. Or you can use new Large communities, which are fully 32bit, and ditch both traditional and Extended communities. But this is pretty new standard and i am not sure how widely is supported by other systems. -- Elen sila lumenn' omentielvo Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
Hi Piotr , May be the most simple thing - to change your ASN number to 16bit - in case if solid % of your customers support and use only traditional communities (RFC 1997) . RIPE can help. Piotr Marciniak пишет 22.01.2018 18:46:
Hello Ondrej,
I am seeking for a way to make our small local IXP project to be a bit more flexible and safe. I think we could do with implementation of communities which would allow our peers to prepend or block their prefixes from annoncing to specific peer or all peers.
Goal is simple. Peer A should be able to send to us community to prepend or block announcing his prefixes to chosen by ASn Peer B or all peers.
Which community standard I would like to use? Most supported on typical, (mosttly) local ISP BGP routers - from Mikrotik by Cisco to Bird. I do not think it is extraordinary wish. ;-] Rather typical for most IXP of any size.
In our scenario we rather do not need to forward communities. Just to collect info from Peer A what to do with his prefixes before announcing it to others.
I think the only problem I am facing now is that I can't use in known config examples our AS205082. But here we face another problem if I understand correcttly - what to do if not only our community is 4B? I may "shrink our" to any 16-bit equivalent like 65250 I use in my examples. But stil if I have a peer with AS123456 - how to accept his 4B AS in communities received from our peers? Fe. old Cisco can connect to 4B ASn but can't work on 4B communities I think. So it can't send me request - do not announce us to AS123456.
But I think second problem is not very important for me. If someone cannot send 4B community so.. it is a pitty for him. My problem is to let people know what we can accept and process if they wish and can send us their preferences. Thus - I need to work with 4B communities in most common way possible.
So yes - I would be happy to find an example which would work with 4B extended communities both - for myas and peeras sides. If I am right with SIXT example - bgp_ext_community are supported for peeras? If yes - the only problem is myas which still can't be 4B. But I may replace it with fake-16bit-pseudo-myas ;-]. All should be working then?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Ondrej Zajicek Sent: Monday, January 22, 2018 4:16 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Well, that depends on exact meaning of 'communities'. There are three different independent community attributes:
- 'traditional' communities (RFC 1997) - Extended communities (RFC 4360) - Large communities (RFC 8092)
Attribute bgp_community is for traditional communities, which are limited to 16 bit components. So you cannot use 32bit ASNs with them. Also, even if you used 16bit private ASN as myas, you cannot use them for 32bit peeras.
You can use Extended communities (and that is usual setting in IXes), but they can have one component 32 bit, but not both. So if you have 16bit myas, you could have 32bit peeras.
Or you can use new Large communities, which are fully 32bit, and ditch both traditional and Extended communities. But this is pretty new standard and i am not sure how widely is supported by other systems.
I will use some private 16-bit ASn as before. For filters in our local IXP should be ok. Best wishes, Piotr Marciniak -----Oryginalna wiadomość----- From: Mikhail Grishin Sent: Tuesday, January 23, 2018 8:58 AM To: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN Hi Piotr , May be the most simple thing - to change your ASN number to 16bit - in case if solid % of your customers support and use only traditional communities (RFC 1997) . RIPE can help. Piotr Marciniak пишет 22.01.2018 18:46:
Hello Ondrej,
I am seeking for a way to make our small local IXP project to be a bit more flexible and safe. I think we could do with implementation of communities which would allow our peers to prepend or block their prefixes from annoncing to specific peer or all peers.
Goal is simple. Peer A should be able to send to us community to prepend or block announcing his prefixes to chosen by ASn Peer B or all peers.
Which community standard I would like to use? Most supported on typical, (mosttly) local ISP BGP routers - from Mikrotik by Cisco to Bird. I do not think it is extraordinary wish. ;-] Rather typical for most IXP of any size.
In our scenario we rather do not need to forward communities. Just to collect info from Peer A what to do with his prefixes before announcing it to others.
I think the only problem I am facing now is that I can't use in known config examples our AS205082. But here we face another problem if I understand correcttly - what to do if not only our community is 4B? I may "shrink our" to any 16-bit equivalent like 65250 I use in my examples. But stil if I have a peer with AS123456 - how to accept his 4B AS in communities received from our peers? Fe. old Cisco can connect to 4B ASn but can't work on 4B communities I think. So it can't send me request - do not announce us to AS123456.
But I think second problem is not very important for me. If someone cannot send 4B community so.. it is a pitty for him. My problem is to let people know what we can accept and process if they wish and can send us their preferences. Thus - I need to work with 4B communities in most common way possible.
So yes - I would be happy to find an example which would work with 4B extended communities both - for myas and peeras sides. If I am right with SIXT example - bgp_ext_community are supported for peeras? If yes - the only problem is myas which still can't be 4B. But I may replace it with fake-16bit-pseudo-myas ;-]. All should be working then?
Best wishes,
Peter
-----Oryginalna wiadomość----- From: Ondrej Zajicek Sent: Monday, January 22, 2018 4:16 PM To: Piotr Marciniak Cc: bird-users@network.cz Subject: Re: Community for small IX - problem with 4B ASN
Well, that depends on exact meaning of 'communities'. There are three different independent community attributes:
- 'traditional' communities (RFC 1997) - Extended communities (RFC 4360) - Large communities (RFC 8092)
Attribute bgp_community is for traditional communities, which are limited to 16 bit components. So you cannot use 32bit ASNs with them. Also, even if you used 16bit private ASN as myas, you cannot use them for 32bit peeras.
You can use Extended communities (and that is usual setting in IXes), but they can have one component 32 bit, but not both. So if you have 16bit myas, you could have 32bit peeras.
Or you can use new Large communities, which are fully 32bit, and ditch both traditional and Extended communities. But this is pretty new standard and i am not sure how widely is supported by other systems.
participants (6)
-
Alexander Zubkov -
Chris Caputo -
Daniel Suchy -
Mikhail Grishin -
Ondrej Zajicek -
Piotr Marciniak