Community for small IX - problem with 4B ASN

Piotr Marciniak zboj at mnc.pl
Mon Jan 22 14:46:39 CET 2018 

Hello Chris,

Thank you for your config. Looks much better. Still I have know error...

bird> conf check
Reading configuration from /etc/bird/bird.conf
/etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535)

...but not in main section of filter. It is only here now:

# Remove IXP related communities
#(...)
bgp_community.delete([(myas,*)]);

Only this one line. Once commented - no errors in filter reported. Is there 
any fix for it?

Rgrds,

Peter

-----Oryginalna wiadomość----- 
From: Chris Caputo
Sent: Monday, January 22, 2018 2:25 PM
To: Piotr Marciniak
Cc: bird-users at network.cz
Subject: Re: Community for small IX - problem with 4B ASN

> 1. Is it possible to enable 4B ASn for communities in Bird? Will it work
> with other rouers?
> 2. Can we use instead private ASn just for community filters? Are they
> processed corretly by other Internet routers of our peers?

1. Yes.

2. I don't recommend it.

To see the communities supported by the SIX route servers, refer to:

  https://www.seattleix.net/route-servers#communities

Below is how we do it with bird 1.6.3.  Not sure about 2.0+.

I hope this helps and feedback from the community is welcome.

Chris

---

define myas = SET TO IXP ASN;
define peerPrepend1 = 65001;
define peerPrepend2 = 65002;
define peerPrepend3 = 65003;

# BGP output filter (based on communities)
# Returning false means don't propagate route to peeras.
# Returning true means do propagate route to peeras.
function bgp_out_comm(int peeras)
{
  if ! (source = RTS_BGP ) then return false;

  if (myas,0,peeras) ~ bgp_large_community then return false;
  if (myas,1,peeras) ~ bgp_large_community then return true;
  if (myas,0,0) ~ bgp_large_community then return false;

  if peeras > 65535 then
  {
    if (ro,0,peeras) ~ bgp_ext_community then return false;
    if (ro,myas,peeras) ~ bgp_ext_community then return true;
    if ((ro,0,myas) ~ bgp_ext_community) then return false;
  } else {
    if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community) 
then return false;
    if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~ 
bgp_ext_community) then return true;
    if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then 
return false;
  }
  return true;
}

function bgp_out(int peeras)
{
  if !bgp_out_comm(peeras) then return false;

  # Prepends
  if peeras > 65535 then
  {
    if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) || 
((myas,peerPrepend1,peeras) ~ bgp_large_community) then {
      bgp_path.prepend(bgp_path.first);
    }
    if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) || 
((myas,peerPrepend2,peeras) ~ bgp_large_community) then {
      bgp_path.prepend(bgp_path.first);
      bgp_path.prepend(bgp_path.first);
    }
    if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) || 
((myas,peerPrepend3,peeras) ~ bgp_large_community) then {
      bgp_path.prepend(bgp_path.first);
      bgp_path.prepend(bgp_path.first);
      bgp_path.prepend(bgp_path.first);
    }
  } else {
    if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras) 
~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community) 
then {
      bgp_path.prepend(bgp_path.first);
    }
    if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras) 
~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community) 
then {
      bgp_path.prepend(bgp_path.first);
      bgp_path.prepend(bgp_path.first);
    }
    if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras) 
~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community) 
then {
      bgp_path.prepend(bgp_path.first);
      bgp_path.prepend(bgp_path.first);
     bgp_path.prepend(bgp_path.first);
    }
  }

  # Remove IXP related communities
  bgp_community.delete([(0,*)]);
  bgp_community.delete([(myas,*)]);
  bgp_community.delete([(peerPrepend1,*)]);
  bgp_community.delete([(peerPrepend2,*)]);
  bgp_community.delete([(peerPrepend3,*)]);
  bgp_ext_community.delete([(ro,0,*)]);
  bgp_ext_community.delete([(ro,myas,*)]);
  bgp_ext_community.delete([(ro,peerPrepend1,*)]);
  bgp_ext_community.delete([(ro,peerPrepend2,*)]);
  bgp_ext_community.delete([(ro,peerPrepend2,*)]);
  bgp_large_community.delete([(myas,*,*)]);

  return true;
}

On Mon, 22 Jan 2018, Piotr Marciniak wrote:
> Dear Advisors ;],
>
> Thank you for all posts. But still I do not know how to make Bird working 
> with
> 4B communities and if I may do this - whether it will be accepted for our
> peers? In short - I do not know how to adapt to 4B communities following
> examples:
>
> https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_multiple_RIBs
> https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_single_RIB
>
> Is there any way to enable 4B communities in bird.conf?
>
> I do not have any problem with 4B ASn. I set bgp peering sessions from 
> Bird
> with 4B ASn. Even our IX has AS205082.
>
> This is why I put 2 questions:
>
> 1. Is it possible to enable 4B ASn for communities in Bird? Will it work
> with other rouers?
> 2. Can we use instead private ASn just for community filters? Are they
> processed corretly by other Internet routers of our peers?
>
> Please - do not explain me theoretical difference between 16 and 32 bits.
> Question is simple - can I use 4B communities for filters? If not - what 
> 16bit
> "fake ASn" I can use instead safely?
>
> Best wishes,
>
> Piotr Marciniak
>
>
> -----Oryginalna wiadomość----- From: Paweł Nastachowski
> Sent: Monday, January 22, 2018 1:12 PM
> To: Piotr Marciniak
> Cc: bird-users at network.cz
> Subject: Re: Community for small IX - problem with 4B ASN
>
> Hi Piotr,
>
> I should use extended community for 4B ASN, because normal community is 
> too
> small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
>
> Regards,
> Pawel
>
> -----Wiadomość oryginalna-----
> Od: Bird-users <bird-users-bounces at network.cz> w imieniu użytkownika Piotr
> Marciniak <zboj at mnc.pl>
> Data: poniedziałek, 22 stycznia 2018 11:15
> Do: "bird-users at network.cz" <bird-users at network.cz>
> Temat: Community for small IX - problem with 4B ASN
>
>    Hello,
>
>    I've spent a while on below docs and faced a problem with 4B ASN we 
> use.
>    Bird reports an error 'when 'myas' is 4B => so above 65535.
>    See some testing example below:
>
>    bird> configure
>    Reading configuration from /etc/bird/bird.conf
>    /etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
>
>    The only way this config reports no error is to set here private ASn - 
> fe.
>    65250. But it will never match our real ASn.
>
>    Two questions:
>
>    1. Is it possible to enable 4B ASn for communities in Bird? Will it 
> work
>    with other rouers?
>    2. Can we use instead private ASn just for community filters? Are they
>    processed corretly by other Internet routers of our peers?
>
>    Or maybe there is another work around?
>
>    Best wishes,
>
>    Peter
>
>
>    -----Oryginalna wiadomość-----
>    From: Piotr Marciniak
>    Sent: Friday, December 29, 2017 5:01 PM
>    To: Ondrej Zajicek
>    Cc: bird-users at network.cz
>    Subject: Re: Community for small IX
>
>
>    There are some examples in BIRD wiki, mainly:
>
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fmultiple-5FRIBs&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=2UgZOD_Fkqt6ZgVqlXm_vXRiY1LP_MTlkWo-TGVqAtE&e=
> 
> https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fsingle-5FRIB&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=KjVYea-iJRNl8BxFQFgkEeHLWFK8qwenAm_GRJDH4Q4&e=
>
>    --
>    Elen sila lumenn' omentielvo
>
>    Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
>    OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
>    "To err is human -- to blame it on a computer is even more so."
>
>
>
> This email is from Equinix (EMEA) B.V. or one of its associated companies 
> in
> the territory from where this email has been sent. This email, and any 
> files
> transmitted with it, contains information which is confidential, is solely 
> for
> the use of the intended recipient and may be legally privileged. If you 
> have
> received this email in error, please notify the sender and delete this 
> email
> immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096 
> HA
> Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.

More information about the Bird-users mailing list