simple filters question

John Jensen jensenja at gmail.com
Fri Nov 8 18:44:01 CET 2013 

Again, speaking too soon here. Sorry for the spam. I read the documentation
again - the ~ operator can be used with an "ip" type on the left and a
"prefix" type on the right. So it would seem as though applying this to a
prefix set should be something useful/an extension of checking if an IP is
within a single prefix. I'll post back when I've applied the patch to let
folks know if it worked.

Thanks again!

-JJ


On Fri, Nov 8, 2013 at 12:08 PM, John Jensen <jensenja at gmail.com> wrote:

> Thanks for the function optimization. This does indeed make it simpler! I
> also believe I had misunderstood the documentation when I expected this to
> work - obviously "ip" and "prefix" are different types, and now that I've
> re-read the documentation on the ~ operator - "it can be used on element
> and set of elements of the same type "
>
> My apologies. I appreciate the patch and will apply it shortly.
>
> Thanks,
>
> -JJ
>
>
> On Fri, Nov 8, 2013 at 3:58 AM, Sergey Popovich <popovich_sergei at mail.ru>wrote:
>
>> В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал:
>> > Hi,
>> >
>> > We're about to migrate our exchange to a /23 and we're likely going to
>> do
>> > it over time. I have a simple filter in place to check and make sure
>> that
>> > the NEXT_HOP is within our exchange's subnet. Originally it looked like
>> > this:
>> >
>> > function check_ixp_next_hop(ip nexthop)
>> > prefix ixpnet;
>> > {
>> >   ixpnet = x.x.x.x/24;
>> >   if ! (nexthop ~ ixpnet) then return false;
>> >   return true;
>> > }
>> >
>> >
>> > And then within the inbound filter for each peer's ASN:
>> >
>> > if ! (check_ixp_next_hop(bgp_next_hop)) then reject;
>> >
>> >
>> > Since we're going to be caring about two distinct prefixes while we
>> perform
>> > the migration, I changed the filter to look like this:
>> >
>> > function check_ixp_next_hop(ip nexthop)
>> > prefix set ixpnet;
>> > {
>> >   ixpnet = [ x.x.x.x/24, y.y.y.y/23 ];
>>
>> Also, pay attention, you should use something like
>>
>>     ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ];
>>
>> To match subnets.
>>
>> >   if ! (nexthop ~ ixpnet) then return false;
>> >   return true;
>> > }
>> >
>>
>> Even simpler:
>> -------------
>>
>> function check_ixp_next_hop(ip nexthop)
>> {
>>   return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ];
>> }
>>
>> --
>> SP5474-RIPE
>> Sergey Popovich
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20131108/728d886e/attachment-0001.html>

More information about the Bird-users mailing list