bgp soft reconfiguration inbound
Ondrej Zajicek
santiago at crfreenet.org
Mon Nov 30 21:18:10 CET 2009
On Mon, Nov 30, 2009 at 04:40:23PM +0100, Wolfgang Hennerbichler wrote:
>
> On Nov 23, 2009, at 18:23 , Ondrej Zajicek wrote:
>
> > On Mon, Nov 23, 2009 at 08:19:43AM +0100, Wolfgang Hennerbichler wrote:
> >> well, this is because our concept differs from the one of nic.cz. We
> >> filter at the border, and build pipes to every neighbor who has decided
> >> to peer. See this illustration I've made for the last euro-ix:
> >> http://tiny.wogri.at/PP (red is the filters, the arcs are the pipes).
> >> This means we have no "main" rib. This is good in certain ways:
> >
> > Interesting concept. BTW, you should make sure that filters on the
> > pipes are set such that there is no loop for each route.
>
> hm. it seems that I do - sometimes - get loops.
>
> Nov 30 14:00:30 rs1 bird: Pipe loop detected when sending 84.205.69.0/24 to table T8596x130
> ...
> this only happens very rarely, maybe during configure soft or a bgp
> update. nevertheless I don't quite get it, because I do have filters in
> place which should avoid that. All my pipes look like this:
I checked the source for the loop check and it seems that there are some
problems in that code.
First, it is not very consistent - in one
direction the loop check is applied after the filter and in other
directon it is applied before the filter. Therefore it is possible that
sometimes the loop check is triggered even if the filter would also
reject the route. This is annoying but otherwise harmless, i hope.
Second, in some situations the loop check does not work and that causes
that the first problem manifests less often :-).
> protocol pipe P30971x30x15 {
> table T30971x30;
> mode transparent;
> peer table T5403x15;
> import filter { reject; };
> export filter {
> if from = 193.203.0.30 then {
> accept;
> }
> else reject;
> };
> }
All your pipes do reject in the import filter and relevant test in the export
filter? Every route passes through at most one pipe according to your expected
filter behavior?
> Do the pipes ignore the filters at any time?
I think filters are not ignored.
> PS: We've got BIRD running at VIX in Beta now, about 12 participants,
> no crashes, no problems at all (except for the loop notices)
That is nice.
--
Elen sila lumenn' omentielvo
Ondrej 'SanTiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20091130/998405b0/attachment-0001.asc>
More information about the Bird-users
mailing list