Any IX willing to share their config?
Alexander Shikoff
minotaur at crete.org.ua
Fri Dec 24 22:07:41 CET 2010
On Tue, Nov 30, 2010 at 09:34:25AM -0600, James Montz wrote:
> We are a new Internet Exchange in Minneapolis, MN, USA. Currently evaluating BIRD as our
> route server.
>
> Basic config working in lab with both IPv4 & IPv6 daemon.
>
> Would like to see another IX's configuration to see how they are handling filtering,
> sessions, convention, etc.
Hello,
We have one configuration issue in our IXP that can be interesting for
those who use BIRD as route server.
Some days ago our IXP received a connection request from customer with 32bit
ASN. We use the same BGP policy as many other IXes do:
0:XXXXX - Do not announce route to peer XXXXX
0:MyASN - Do not announce route to all peers
MyASN:XXXXX - Announce route to peer XXXXX only
MyASN:MyASN - Announce routes to all peers. This community is
automatically added to all routes that are not
tagged with any of MyASN:XXXXX communities.
We had no customers with 32bit ASNs before and that request made us a bit
confused: we're using BIRD as route-server and it does not support BGP extended
communities. And now we're wondering how to include support for 32bit ASNs
into such policy?
The idea is to store high 16 bits and low 16 bits of ASN separately
in two communities, for example:
65000:0x0003, 0:0x02D7 - Do not announce prefix to peer with ASN 0x000302D7
Then put a check of 65000:* in filter.
The function below implements described policy. In addition, it marks
outgoing prefixes from route-server in the same way.
function bgp_out (int peer_as)
int asn_h;
int asn_l;
int t;
{
#
# Announce only BGP routes
#
if ! (source = RTS_BGP ) then return false;
#
# Do not advertise route with 0:MyASN community
#
if (0,MyASN) ~ bgp_community then return false;
#
# Check for 32-bit ASN
#
if peer_as > 65535 then {
# Get high 16 bits of Peer's ASN
asn_h = peer_as/65536;
# Get low 16 bits of Peer's ASN
asn_l = peer_as-asn_h*65536;
# Do not advertise route with [ 65000:asn_h, 0:asn_l ] communities
if ( (65000,asn_h) ~ bgp_community &&
(0,asn_l) ~ bgp_community) then
return false;
# Advertise a route with [ 65000:asn_h, MyASN:asn_l ] communities or with MyASN:MyASN community
if ( ( (65000,asn_h) ~ bgp_community && (MyASN,asn_l) ~ bgp_community) ||
(MyASN,MyASN) ~ bgp_community ) then {
bgp_community.delete([ (0,0)..(65535,65535) ]);
if bgp_path.first > 65535 then {
# Bug (?) Workarond.
# bgp_community.add((MyASN,bgp_path.first-bgp_path.first/65536*65536)); - does not work
t = bgp_path.first/65536;
bgp_community.add((65000,t));
t = t * 65536;
bgp_community.add((MyASN,bgp_path.first-t));
} else bgp_community.add((MyASN,bgp_path.first));
return true;
}
return false; # We should never reach this...
} else {
if ((MyASN,peer_as) ~ bgp_community ||
(MyASN,MyASN) ~ bgp_community) then {
bgp_community.delete([ (0,0)..(65535,65535) ]);
if bgp_path.first > 65535 then {
# Bug (?) Workarond.
# bgp_community.add((MyASN,bgp_path.first-bgp_path.first/65536*65536)); - does not work
t = bgp_path.first/65536;
bgp_community.add((65000,t));
t = t * 65536;
bgp_community.add((MyASN,bgp_path.first-t));
} else bgp_community.add((MyASN,bgp_path.first));
return true;
} else
return false;
}
# Do not advertise route in any another cases
return false;
}
Comments, optimizations are heartily appreciated!
--
MINO-RIPE
More information about the Bird-users
mailing list