Another Netlink: File exists

micah micah at riseup.net
Mon Oct 6 18:23:50 CEST 2014


Alexander Demenshin <aldem-bird.2014 at nk7.net> writes:

> On 2014-10-04 18:16, micah wrote:
>
>> I'm just doing bgp, no OSPF, my kernel protocol already is in 'learn'
>> mode, so I set the preference to 100000, but that didn't change
>> anything.
>
> Could you please post your config completely (excluding sensitive 
> information)?

Sure, see below.

>> Finally, is there a way to use a more useful pager with birdc?
>
> You can pipe output of birdc: "birdc show routes|less"

I figured that out yesterday, thanks though!

I've separated my bird configuration into a main config, a peers config,
and a filters config, any feedback would be very welcome. I'm also
getting these regularly, which would be nice to track down:

2014-10-06 09:20:01 <ERR> Filter <NULL> did not return accept nor reject. Make up your mind


Here is the main config:

# logging (the bird daemon needs write access to this path)
log "/var/log/bird.log" { info, remote, warning, error, auth, fatal, bug };

# Turn on global debugging of all protocols (very chatty; handy while the
# sessions are being debugged, narrow it once they are stable)
debug protocols all;

# router ID
router id 38.104.127.2;

# ASN - referenced as ASN from peers.conf (local as) and filters.conf
# (bgp_path.prepend), so it must be defined before those files are included
define ASN = 16652;

##########################################################################
## All filters
##########################################################################

# include the filters (must come before peers.conf, which names them)
include "filters.conf";

##########################################################################
## All our peers
##########################################################################

include "peers.conf";

# Kernel routing table synchronisation: "learn" pulls routes that other
# software or an admin put into the kernel table into BIRD as well;
# import/export decide what moves between BIRD's table and the kernel.
protocol kernel {
        learn;			# Learn all alien routes from the kernel
        # NOTE(review): route preference is a 16-bit value in BIRD 1.x; 100000
        # is above 65535, so confirm the running version accepts it before
        # relying on it to rank learned routes above BGP (cogent uses 500).
        preference 100000;
        scan time 15;		# Scan kernel routing table every 15 seconds
	import all;		# Default is import all
	export all;		# Default is export none
}

# This pseudo-protocol watches all interface up/down events.
protocol device {
	scan time 15;		# Scan interfaces every 15 seconds
}

##########################################################################
## static routes
##########################################################################

protocol static static_bgp {
        # Our own prefixes, originated into BGP from here. They must match
        # OURNETS in filters.conf. The "reject" target makes them unreachable
        # routes inside BIRD, which seems strange but does not matter for BGP
        # (the prefix is still announced) and has a secondary advantage:
        # packets for AS-local but unreachable destinations are dropped here
        # instead of being sent to the upstream.
        import all;
        route 204.13.164.0/24 reject;
        route 198.252.153.0/24 reject;
        route 199.254.238.0/24 reject;
}

Here is the peers config:

##########################################################################
## Bgp templates
##########################################################################

# Common settings for the upstream sessions. No import filter is set here;
# each peer that uses the template supplies its own. A peer may also override
# the export filter (swiftco does, with "export none").
template bgp PEERS {
         local as ASN;
         debug { states, events };
         export filter bgp_out;
}

##########################################################################
## uplink peers
##########################################################################

### ASN 174 - COGENT


protocol bgp cogent from PEERS {
         description "Cogent";
         source address 38.104.127.2;
         neighbor 38.104.127.1 as 174;
         # TCP MD5 session password (value redacted in this post)
         password "xxx";
         # rt_import_all(174): first AS must be 174, no martians, not OURNETS
         import filter bgp_in_cogent;
         # prefer cogent more than others, due to higher preference:
         # "preference" ranks this protocol's routes inside BIRD, while
         # "default bgp_local_pref" is the LOCAL_PREF given to routes that
         # arrive without one (swiftco gets 80) - presumably both are meant to
         # make Cogent win; confirm against the version's docs
         preference 500;
         default bgp_local_pref 500;
}

protocol bgp cogent_blackhole {
         description "Cogent blackhole server";
         # not built from the PEERS template, so local as / export are set here
         local as ASN;
         source address 199.254.238.1;
         neighbor 66.28.8.1 as 174;
         multihop 255;
         # TCP MD5 session password (value redacted in this post)
         password "xxx";
         # NOTE(review): bgp_in_cogent -> rt_import_all -> martians() rejects
         # anything longer than /24 (the 0.0.0.0/0{25,32} entry), and the
         # export filter below rejects everything. If this session is meant to
         # exchange blackhole /32s in either direction, neither filter lets
         # them through; confirm what the session is supposed to carry.
         import filter bgp_in_cogent;
         export filter bgp_allow_nothing_out;
}

protocol bgp swiftco from PEERS {
         description "Swiftco";
         source address 208.99.192.142;
         neighbor 208.99.192.121 as 25700;
         multihop 255;
         # TCP MD5 session password (value redacted in this post)
         password "xxx";
         # rt_import_all(25700): first AS must be 25700, no martians, not OURNETS
         import filter bgp_in_swiftco;
         # lower LOCAL_PREF than cogent (500), so Cogent paths are preferred;
         # no "preference" override here, so the protocol keeps BIRD's default
         default bgp_local_pref 80;
         # overrides the template's "export filter bgp_out": nothing is
         # announced to Swiftco, so the swiftco branch in bgp_out never runs
         export none;
}

# Separate routing table for the spam feed: its routes never enter the
# master table, so they cannot reach the kernel or the upstream sessions
# (no pipe protocol is shown on this page).
table t_spamd;

protocol bgp bgp_spamd {
	 description "http://bgp-spamd.net spam feed";
	 source address 38.104.127.2;
	 local as ASN;
	 neighbor 64.142.121.62 as 65066;
	 multihop 64;
         table t_spamd;
	 # no import filter: everything the feed sends lands in t_spamd
	 export none; # default, so not really needed
}


Here is filters.conf:

# Our own prefixes; must match the routes in protocol static_bgp (bird.conf)
define OURNETS = [ 198.252.153.0/24, 199.254.238.0/24, 204.13.164.0/24 ];
# ASNs of the upstream sessions (cogent = 174, swiftco = 25700)
define PEER_ASNS = [ 174, 25700 ];

##########################################################################
## print information about the route being filtered
##########################################################################

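# This function excludes "weird" networks: prefixes that should never be
# learned from or announced to a BGP neighbour. Returns true when the net
# being filtered matches one of them. Used by rt_import_all() and others.

# 169.254.0.0/16+ - IANA reserved "link local" block - hosts obtain these addresses through auto-configuration
# 192.168.0.0/16+, 10.0.0.0/8+, 172.16.0.0/12+ - RFC1918 private space
# 127.0.0.0/8+ - loopback
# 224.0.0.0/4+ - class D multicast
# 240.0.0.0/4+ - class E reserved
# 0.0.0.0/32- - the default route and everything else rooted at 0.0.0.0
# 0.0.0.0/0{25,32} - anything longer than /24 (more specific than we accept)
# 0.0.0.0/0{0,7} - anything shorter than /8 (too coarse to be a real announcement)
# NOTE(review): other well-known bogon ranges (e.g. 100.64.0.0/10 from
# RFC 6598) are not listed here; extend the set if they should be excluded too.

function martians()
{
  # 172.16.0.0/12+ replaces the earlier 172.24.0.0/13+ plus 172.25-172.31/16+
  # entries: those only covered 172.24-172.31 (and the /16s were already inside
  # the /13), leaving 172.16-172.23 unfiltered despite the RFC1918 comment.
  return net ~ [ 169.254.0.0/16+, 192.168.0.0/16+, 10.0.0.0/8+, 172.16.0.0/12+,
                 224.0.0.0/4+, 240.0.0.0/4+, 0.0.0.0/32-, 0.0.0.0/0{25,32}, 0.0.0.0/0{0,7}, 127.0.0.0/8+ ];
}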

# True when the net being filtered is one of our own prefixes (OURNETS).
function local_network()
{
  if net ~ OURNETS then return true;
  return false;
}

# Import policy for an upstream session. A route is accepted only when it is
# not a martian, is not one of our own prefixes, comes directly from the
# expected neighbour AS (first AS in the path) and has a sane path length.
#   asn - the AS number the session is configured with
function rt_import_all(int asn)
{
  # bogon / reserved space
  if martians() then return false;
  # never learn our own prefixes from an upstream
  if local_network() then return false;
  # the first AS in the path must be the neighbour we configured
  if bgp_path.first != asn then return false;
  # overly long paths are not worth carrying
  if bgp_path.len > 64 then return false;
  # not sure this works with multi-hop, so disabling
  # if bgp_next_hop != from then return false;
  return true;
}

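# Export policy towards upstreams: announce only what protocol static_bgp
# originates (our own prefixes, also listed in OURNETS) and nothing else.
# Routes learned from one BGP peer are never passed on to another, so this
# AS does not become transit between Cogent and Swiftco. (The previous
# version also accepted any BGP route whose first AS was in PEER_ASNS; with
# bgp_out on the Cogent session that would have re-announced everything
# learned from Swiftco to Cogent, contradicting the "only our own nets"
# intent stated on bgp_out.)
# Returns true when the route may be exported, false when it must be rejected.
function rt_export()
{
  if proto = "static_bgp" then return true;
  return false;
}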


# Permissive export policy: our static prefixes plus every BGP-learned route
# that is not a martian and has a sane path length. Not referenced by any
# filter on this page; if it is ever used on an upstream session it would
# announce the other peers' routes too, i.e. offer them transit.
function rt_export_all()
{
  if proto = "static_bgp" then return true;
  if source != RTS_BGP then return false;
  if martians() then return false;
  if bgp_path.len > 64 then return false;
  return true;
}


# Import filter for the Cogent sessions (AS 174); policy lives in rt_import_all.
filter bgp_in_cogent
{
        if rt_import_all(174) then accept;
        reject;
}

# Import filter for the Swiftco session (AS 25700); policy lives in rt_import_all.
filter bgp_in_swiftco
{
        if rt_import_all(25700) then accept;
        reject;
}

# for outgoing BGP we do not want to announce anything but our own nets
filter bgp_out
{
        # NOTE(review): in the filter language "proto" is the protocol the
        # route was *imported* from, not the session it is being exported to,
        # so this matches routes learned from swiftco rather than routes sent
        # to it. The swiftco session also overrides the template with
        # "export none", so this filter is never run for it. Confirm what the
        # prepending is meant to achieve.
        if proto = "swiftco" then
        {
                bgp_path.prepend(ASN);
                bgp_path.prepend(ASN);
                bgp_path.prepend(ASN);
        }
        # only allow our networks that are statically configured to be announced
        # (the actual policy is in rt_export above)
        if ! rt_export() then 
        {
                reject;
        }
        accept;
}

# Export filter that announces nothing; used on the Cogent blackhole session.
filter bgp_allow_nothing_out
{
        reject;
}


