IPv6 BIRD filters

Martin Huněk martin.hunek at lbcfree.net
Fri Aug 25 11:43:55 CEST 2017


Hi Marek,

if you are searching for decent BGP filters you may want consult a project wiki 
[1]. That filters seems to be fine for most of the IPv4 cases. For the IPv6 
martians you might want to use a fltr-martian6 object in RIPE-DB to modify a 
filter found in wiki.

As for the private ASN, make sure that you don't have "allow local as 
[number]" present in neighbor configuration. By default bird should not accept 
any route with private ASN. Other than that, the route seems fine to me.

Sincerely
Martin

[1] https://gitlab.labs.nic.cz/labs/bird/wikis/BGP_filtering

Dne čtvrtek 24. srpna 2017 14:22:02 CEST, Marek Królikowski napsal(a):
> Hello Guys,
> Anyone create maybe a good filters for BIRD IPv6 upstreams?
> I just add this to my import filter:
> import filter {
> if bgp_path.len > 49 then reject;
> if (net.len < 16) || (net.len > 48) then reject;
> accept;
> };
> 
> But i saw i get strange routing:
> root at it-bgp:~# birdc6 show route 2404:1710::/28
> BIRD 1.6.3 ready.
> 2404:1710::/28     via 2a02:XXXX:XXXX:1 on eth0 [Italy 13:52:47 from
> 2a02:XXXX:XXXX::2] * (100/?) [AS65332i]
> 
> Anyone got any good filter to block something like this?
> 
> Best Regards
> Marek

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170825/1b35d34c/attachment.asc>


More information about the Bird-users mailing list