AUTOMATIC INCOMING FILTERING
Matthew Walster
matthew at walster.org
Thu Aug 10 23:55:13 CEST 2017
On 10 August 2017 at 16:27, Janvier Rwakagabo <janvier.r at ricta.org.rw>
wrote:
>
> Has anyone automated prefix filtering, for example if a peer acquire a new
> prefix to be received automatically may be any IRR, you can share the
> working configuration.
>
Janvier,
Yes, there are many ways of doing this. In the past, I've used things like
https://github.com/snar/bgpq3 and I've been playing around with my own
version too: https://github.com/dotwaffle/prefixlister
Essentially, you run those tools periodically with the ASN or AS-SET you
want to generate the prefixes for, saving the output to a file. You then
include that file from within your main bird.conf and specify that prefix
set within your policy.
Be warned, though: While the RIPE region generally has very good IRR
listings (route/route6 objects) things aren't so good in other RIRs -- many
North American networks register at RADB, as do other regions if there
isn't a nice IRRDB available at their RIR, but especially in regions like
Asia and South America you will find a very low takeup of RPSL entries in
an IRRDB.
If you choose to peer with a network that does not have route objects
covering all of it's networks, you would do very well to at the very least
implement a prefix-limit on the BGP session, that stays "hard down" if it
is tripped.
Matthew Walster
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20170810/1b1776b9/attachment.html>
More information about the Bird-users
mailing list