Again on communities...

Wed Feb 1 20:50:26 CET 2012

On Wed, Feb 01, 2012 at 06:44:54PM +0100, Simone Morandini wrote:
> Hi guys,
> 
> one question (again) on communities: consider the following filtering 
> function, applied on pipe protocols (no filtering on bgp protocol):
> 
> function bgp_out(int peeras)
> {
>         if !(source = RTS_BGP) then return false;
>         if (0,     peeras) ~ bgp_community  then return false;
>         if (65004, peeras) ~ bgp_community  then return true;
>         if (0,     65004)  ~ bgp_community  then return false;
>         return true;
> }
> 
> If a given peer wants to peer only with two specific ASNs, he will then 
> send these communities: (65004,ASN1) (65004,ASN2) to the route server.
> Is it correct to say that such a filter simply doesn't work for this 
> purpose? That is, routes are however announced to all the participants?

In your case routes are announced to all participants because of
last 'return true'.

If you want to run such function in a right way then introduce some
default community, for example (65004,65004). In bgp_in function 
add it to prefixes that are not marked with any of (0,     peeras) 
or (65004, peeras).
And modify a bit your function:

function bgp_out(int peeras)
{
	if !(source = RTS_BGP) then return false;
	if (0,     peeras) ~ bgp_community  then return false;
	if (0,     65004)  ~ bgp_community  then return false;

	if ( (65004, peeras) ~ bgp_community ||
	     (65004, 65004) ~ bgp_community ) then return true;

	return false;
}

In this function communitites (0, *) have bigger priority, i.e. 
if your RS receive prefix with (0, 65004) and (65004, 100) then 
it will not announce prefix to AS100 despite of (65004, 100).
You may change this behaviour on your requirements.

-- 
MINO-RIPE