import where IPv6 BGP
Ondrej Zajicek
santiago at crfreenet.org
Mon Oct 9 21:24:57 CEST 2017
On Mon, Oct 09, 2017 at 02:32:44PM -0400, Robert Blayzor wrote:
> When running IPv6 daemon, I have a BGP peer:
>
> protocol bgp bogon_1 from BH_SERVER {
> import where net.len < 33;
> import filter BLACKHOLE_IN;
> import limit 100000 action warn;
> }
>
>
>
> The filter is simply an “accept;”. The problem I’m seeing however is
> that I’m getting prefixes imported that are longer than 32. In fact, it
> looks like “import where” is completely ignored in IPv6 (at least for
> net.len?). If I put “import where net.len = 0” I still see all the longer
> prefixes getting imported.
>
> If I go into the filter and add a “if net.len < 33 then reject;” then I see it work.
>
> Is this the expected behavior, a bug or am I missing something?
Hi
It is not two separate options 'import where' and 'import filter', but
one option 'import', so setting it second time (to 'filter BLACKHOLE_IN')
silently overwrites the previous value ('where net.len < 33').
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20171009/2504d70e/attachment.asc>
More information about the Bird-users
mailing list