simple filters question
Sergey Popovich
popovich_sergei at mail.ru
Fri Nov 8 09:58:06 CET 2013
В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал:
> Hi,
>
> We're about to migrate our exchange to a /23 and we're likely going to do
> it over time. I have a simple filter in place to check and make sure that
> the NEXT_HOP is within our exchange's subnet. Originally it looked like
> this:
>
> function check_ixp_next_hop(ip nexthop)
> prefix ixpnet;
> {
> ixpnet = x.x.x.x/24;
> if ! (nexthop ~ ixpnet) then return false;
> return true;
> }
>
>
> And then within the inbound filter for each peer's ASN:
>
> if ! (check_ixp_next_hop(bgp_next_hop)) then reject;
>
>
> Since we're going to be caring about two distinct prefixes while we perform
> the migration, I changed the filter to look like this:
>
> function check_ixp_next_hop(ip nexthop)
> prefix set ixpnet;
> {
> ixpnet = [ x.x.x.x/24, y.y.y.y/23 ];
Also, pay attention, you should use something like
ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ];
To match subnets.
> if ! (nexthop ~ ixpnet) then return false;
> return true;
> }
>
Even simpler:
-------------
function check_ixp_next_hop(ip nexthop)
{
return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ];
}
--
SP5474-RIPE
Sergey Popovich
More information about the Bird-users
mailing list