Just for clarification, this is what I try to achieve 'translated' for use with quagga (ripd):

...
access-list filter1 permit 10.2.4.0/24
access-list filter1 deny 0.0.0.0/0
!
interface eth0
interface eth1
!
router rip
 network eth0
 distribute-list filter1 out eth0
 network eth1
 redistribute connected
...

On Mon, Jul 4, 2016 at 3:49 PM, Alexander Velkov <alvel85@googlemail.com> wrote:
Hello,
I would like to configure RIP with different ACLs set on different RIP interfaces. For this purpose I thought I could use the '*ifname*' route attribute in bird filters. The problem I am facing is that when I use it, no RIP routes are announced at all, so maybe I am using a wrong syntax.
If I don't use the *ifname = "eth0"* I see the following sent from the bird's RIP instance (10.0.4.1 is configured on eth1 and 172.16.0.4 on eth0). I would like the 10.2.4.1/32 route to be announced through eth0 only. I have also tried to use the *ifname ~ "eth0"* syntax with no luck.

*tcpdump:*

# tcpdump -i any -vvnn port 520
tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
13:02:58.664760 IP (tos 0xc0, ttl 1, id 27713, offset 0, flags [none], proto UDP (17), length 52)
    10.0.4.1.520 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 24, routes: 1 or less
          AFI IPv4, 10.2.4.1/32, tag 0x0000, metric: 1, next-hop: self
          0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
          0x0010:  0000 0000 0000 0001
13:03:14.686163 IP (tos 0xc0, ttl 1, id 27714, offset 0, flags [none], proto UDP (17), length 52)
    172.16.0.4.520 > 224.0.0.9.520: [udp sum ok]
        RIPv2, Response, length: 24, routes: 1 or less
          AFI IPv4, 10.2.4.1/32, tag 0x0000, metric: 1, next-hop: self
          0x0000:  0202 0000 0002 0000 0a02 0401 ffff ffff
          0x0010:  0000 0000 0000 0001
*bird config:*

protocol kernel {
    # persist;      # Don't remove routes on BIRD shutdown
    scan time 20;   # Scan kernel routing table every 20 seconds
    export all;     # Default is export none
    learn;
    device routes;
}

protocol device {
    scan time 10;   # Scan interfaces every 10 seconds
}

protocol direct {
    interface "*";
}

filter rip_export {
    # redistribute connected + RIP + ACL
    if ( ( source = RTS_DEVICE || source = RTS_RIP ) && ( net ~ 10.2.4.0/24 && ifname = "eth0" ) ) then {
        print "net export accepted: ", net;
        accept;
    }
    reject;
}

protocol rip RIP {
    debug all;

    interface "eth0" { mode multicast; split horizon yes; poison reverse no; };
    interface "eth1" { mode multicast; split horizon yes; poison reverse no; };

    import all;
    export filter rip_export;
}

Any help would be appreciated, thank you.
Alex
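
A check for the behaviour shown in the capture, as an added example that is not part of the original post: it decodes the two RIPv2 payloads from the tcpdump hex dumps and reports any 10.2.4.0/24 route announced on an interface other than eth0. The function names and the `RESTRICTED` policy table are assumptions made for this illustration.

```python
import ipaddress
import struct

# RIPv2 payloads copied from the two tcpdump hex dumps in the post,
# keyed by the source address each Response was sent from.
CAPTURED = {
    "10.0.4.1": "0202 0000 0002 0000 0a02 0401 ffff ffff 0000 0000 0000 0001",
    "172.16.0.4": "0202 0000 0002 0000 0a02 0401 ffff ffff 0000 0000 0000 0001",
}
# From the post: 172.16.0.4 is configured on eth0, 10.0.4.1 on eth1.
SOURCE_TO_IFACE = {"172.16.0.4": "eth0", "10.0.4.1": "eth1"}
# Assumed encoding of the stated goal: 10.2.4.0/24 routes leave via eth0 only.
RESTRICTED = {ipaddress.ip_network("10.2.4.0/24"): "eth0"}


def parse_rip_response(hexdump):
    """Return [(prefix, metric)] for the IPv4 entries of a RIPv2 Response."""
    data = bytes.fromhex(hexdump.replace(" ", ""))
    if len(data) < 4 or data[0] != 2 or data[1] != 2:
        raise ValueError("not a RIPv2 Response")
    if (len(data) - 4) % 20:
        raise ValueError("truncated route entry")
    routes = []
    for off in range(4, len(data), 20):
        afi, _tag, addr, mask, _nh, metric = struct.unpack_from("!HH4s4s4sI", data, off)
        if afi != 2:  # skip authentication (0xffff) and non-IPv4 entries
            continue
        text = f"{ipaddress.IPv4Address(addr)}/{ipaddress.IPv4Address(mask)}"
        routes.append((ipaddress.ip_network(text, strict=False), metric))
    return routes


def policy_violations(captured):
    """Return [(iface, prefix)] for restricted prefixes sent on the wrong interface."""
    leaks = []
    for src, hexdump in captured.items():
        iface = SOURCE_TO_IFACE[src]
        for prefix, _metric in parse_rip_response(hexdump):
            for net, allowed_iface in RESTRICTED.items():
                if prefix.subnet_of(net) and iface != allowed_iface:
                    leaks.append((iface, str(prefix)))
    return leaks


if __name__ == "__main__":
    for iface, prefix in policy_violations(CAPTURED):
        print(f"{prefix} announced on {iface}, outside the intended policy")
```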