route server community evaluation examples - bug and fix
On Mon, 22 Jan 2018, Chris Caputo wrote:
To see the communities supported by the SIX route servers, refer to:
https://www.seattleix.net/route-servers#communities
Below is how we do it with bird 1.6.3. Not sure about 2.0+.
I hope this helps and feedback from the community is welcome.
Chris
---
define myas = SET TO IXP ASN;
define peerPrepend1 = 65001;
define peerPrepend2 = 65002;
define peerPrepend3 = 65003;

# BGP output filter (based on communities)
# Returning false means don't propagate route to peeras.
# Returning true means do propagate route to peeras.
function bgp_out_comm(int peeras)
{
  if ! (source = RTS_BGP ) then return false;

  if (myas,0,peeras) ~ bgp_large_community then return false;
  if (myas,1,peeras) ~ bgp_large_community then return true;
  if (myas,0,0) ~ bgp_large_community then return false;

  if peeras > 65535 then
  {
    if (ro,0,peeras) ~ bgp_ext_community then return false;
    if (ro,myas,peeras) ~ bgp_ext_community then return true;
    if ((ro,0,myas) ~ bgp_ext_community) then return false;
  }
  else
  {
    if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false;
    if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true;
    if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false;
  }
  return true;
}
I now believe the above and examples at:

https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based...
https://www.nanog.org/meetings/nanog57/presentations/Wednesday/wed.general.F...

and likely elsewhere, are buggy in that 32-bit ASN peers of the route server will be exempt from a standard community deny of (0:IXP_ASN). They shouldn't be.

I believe the deny check for both standard and extended communities needs to be outside of the check for a 32-bit ASN peer during the export evaluation. Thus the above should be changed as follows:

---
define myas = SET TO IXP ASN;

# BGP output filter (based on communities)
# Returning false means don't propagate route to peeras.
# Returning true means do propagate route to peeras.
function bgp_out_comm(int peeras)
{
  if ! (source = RTS_BGP ) then return false;

  if (myas,0,peeras) ~ bgp_large_community then return false;
  if (myas,1,peeras) ~ bgp_large_community then return true;
  if (myas,0,0) ~ bgp_large_community then return false;

  if peeras > 65535 then
  {
    if (ro,0,peeras) ~ bgp_ext_community then return false;
    if (ro,myas,peeras) ~ bgp_ext_community then return true;
  }
  else
  {
    if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false;
    if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true;
  }

  if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false;

  return true;
}
---

Diff as follows:

---
{ if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; - if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; - if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } + + if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return 
false; + return true; }
---

Feedback welcome and if agreed, I think the wiki should be updated.

Thanks,
Chris
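
Review bot: The deny-all line added after the closing brace of the else branch, "if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false;", is order-dependent and nothing in the function says so: it has to stay below both per-peer "return true" checks, otherwise an explicit (myas,peeras) allow would no longer override the deny-all. Suggest a comment directly above it, for example "# deny-all for 16-bit and 32-bit peers; keep after the per-peer allow checks". Separately, "return true;" is shown as an added line although the original function already ends with it; if that is only a whitespace change, dropping it from the patch would keep the hunk to the actual logic change.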
On Fri, Jul 06, 2018 at 06:35:24PM +0000, Chris Caputo wrote:
On Mon, 22 Jan 2018, Chris Caputo wrote:
To see the communities supported by the SIX route servers, refer to:
https://www.seattleix.net/route-servers#communities
Below is how we do it with bird 1.6.3. Not sure about 2.0+.
{ if (ro,0,peeras) ~ bgp_ext_community then return false; if (ro,myas,peeras) ~ bgp_ext_community then return true; - if ((ro,0,myas) ~ bgp_ext_community) then return false; } else { if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) then return false; if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ bgp_ext_community) then return true; - if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; } + + if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then return false; + return true; } ---
Feedback welcome and if agreed, I think the wiki should be updated.
Hi

I think you are right, I will update the wiki.

--
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago@crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
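
The export bug discussed in this thread, modelled in Python as an added example (not code from the thread or from BIRD): it evaluates the original and the corrected ordering of bgp_out_comm() for the same route and shows which peers receive it. MYAS, the peer ASNs and the sample route are constructed values; routes are assumed to be BGP-learned, and "ro" extended communities are stored as plain pairs.

```python
MYAS = 64500  # constructed placeholder for the IXP ASN ("myas" in the filter)


def bgp_out_comm(route, peeras, fixed):
    """Return True if the route is exported to peeras.

    fixed=False models the original filter, fixed=True the corrected one.
    """
    std, ext, large = (route.get(k, set()) for k in ("std", "ext", "large"))
    # Large-community checks are identical in both versions.
    if (MYAS, 0, peeras) in large:
        return False
    if (MYAS, 1, peeras) in large:
        return True
    if (MYAS, 0, 0) in large:
        return False
    deny_all = (0, MYAS) in std or (0, MYAS) in ext
    if peeras > 65535:
        # A 32-bit peer ASN only fits in an extended community.
        if (0, peeras) in ext:
            return False
        if (MYAS, peeras) in ext:
            return True
        if not fixed and (0, MYAS) in ext:  # original: standard 0:MYAS ignored
            return False
    else:
        if (0, peeras) in std or (0, peeras) in ext:
            return False
        if (MYAS, peeras) in std or (MYAS, peeras) in ext:
            return True
        if not fixed and deny_all:
            return False
    if fixed and deny_all:  # corrected: deny-all applies to every peer
        return False
    return True


def compare(route, peers):
    """Map each peer ASN to (original verdict, corrected verdict)."""
    return {p: (bgp_out_comm(route, p, False), bgp_out_comm(route, p, True))
            for p in peers}


# Constructed sample: the member tags the route "announce to nobody" with the
# standard community 0:MYAS and explicitly allows two peers.
PEERS = [64496, 4200000001, 4200000002]  # one 16-bit, two 32-bit peer ASNs
ROUTE = {"std": {(0, MYAS), (MYAS, 64496)}, "ext": {(MYAS, 4200000002)}}

if __name__ == "__main__":
    for peer, (old, new) in compare(ROUTE, PEERS).items():
        print(f"peer {peer}: original export={old}, corrected export={new}")
```

Only the 32-bit peer without an explicit allow changes verdict: the original ordering exports the route to it despite the 0:MYAS deny, the corrected ordering does not.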