BGP inbound filtering based on origin as-path and communities - configuration review (moving from quagga to bird)
Shahan Agha
shahan.agha92 at gmail.com
Thu Nov 15 12:51:31 CET 2018
In addition to the above, I forgot to highlight that I need to move it to Bird
version 1.4.5.
Thanks,
Agha
On Thu, 15 Nov 2018 at 12:23, Shahan Agha <shahan.agha92 at gmail.com> wrote:
> Hi All,
>
> I am working on migrating some systems from quagga to bird and would like
> to have some details regarding the filtering and how to set this up.
> Currently we are doing inbound BGP filtering based on as-path access-lists,
> prefix-lists and communities. Since I don't have much familiarity with Bird
> and am more familiar with Cisco (quagga is quite similar), I would appreciate
> it if the Bird configuration could be reviewed.
>
> *Currently on quagga we are doing it the following way: *
> !
> neighbor X.X.X.X route-map route-in in
> !
> route-map route-in permit 10
> match as-path as-in
> set local-preference 99
>
> ip as-path access-list as-in permit _ 1234 _
> ip as-path access-list as-in permit _5678_
> !
> route-map route-in permit 11
> match community route-in-direct
> set local-preference 110
>
> ip community-list standard route-in-direct permit 1010:2020
> !
> route-map route-in permit 12
> match community route-in-eu
> set local-preference 121
>
> ip community-list standard route-in-eu permit 3030:4040
> ip community-list standard route-in-eu permit 5050:6060
> !
> route-map route-in permit 13
> !
>
> *Goals to achieve: *
>
> 1. Block my fixed public IP address block from being advertised back to me in
> order to avoid any sort of loops
> 2. If some traffic is originated from specific origin ASN like in Cisco
> quagga the expression is _ 1234 _ , set their local preference to 110.
> This needs to be done for multiple origin ASNs.
> 3. Route received with one specific community should have its local
> preference set to 110
> 4. Set local preference to 99 matching specific set of communities.
>
> *Future Bird configuration: *
>
> function ebgp_in()
> prefix set my_public;
> {
>
> #Goal. 1
> my_public = [ 12.13.14.0/22+ ];
> if net ~ my_public then return false;
>
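> #Goal. 2
> # A path mask is written [= ... =]; masks cannot be grouped in a set,
> # so each one is tested on its own and the results are OR-ed.
> if bgp_path ~ [= * 1234 * =] || bgp_path ~ [= * 4567 * =] then {
> bgp_local_pref = 99; }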
>
> #Goal. 3
> if bgp_community ~ [(1010,2020)] then {
> bgp_local_pref = 110; }
>
> #Goal. 4
> if bgp_community ~ [(3030,4040),(5050,6060)] then {
> bgp_local_pref = 121; }
>
> return true;
> }
>
> I would really appreciate if bird experts could help me with this. ;)
>
> Thanks,
> Agha
>
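
Added example, not part of the original message: a quagga route-map stops at the first permit clause that matches, while the draft ebgp_in() runs every `if` in turn, so a route that matches more than one condition can end up with a different local preference after the migration. The small Python model below evaluates the clauses from the quagga config both ways; the route records, the starting local preference of 100 and all function names are constructed for illustration.

```python
# Added illustration: models only clause-evaluation order, not BGP itself.
# Match conditions and local-pref values are copied from the quagga
# route-map "route-in" in the post; the route records are constructed.

def has_asn(*asns):
    """Like quagga's _ASN_ regex: the ASN appears anywhere in the path."""
    return lambda r: any(a in r["as_path"] for a in asns)

def has_community(*comms):
    """True if the route carries at least one of the listed communities."""
    return lambda r: any(c in r["communities"] for c in comms)

CLAUSES = [  # (sequence, match, local-pref to set)
    (10, has_asn(1234, 5678), 99),
    (11, has_community((1010, 2020)), 110),
    (12, has_community((3030, 4040), (5050, 6060)), 121),
]

def route_map_first_match(route):
    """quagga route-map: the first matching permit clause sets and stops."""
    for _seq, match, pref in CLAUSES:
        if match(route):
            return pref
    return route["local_pref"]  # clause 13: permit, nothing changed

def consecutive_ifs(route):
    """Draft ebgp_in(): every 'if' is evaluated, so the last match wins."""
    pref = route["local_pref"]
    for _seq, match, p in CLAUSES:
        if match(route):
            pref = p
    return pref

def mk(as_path, communities):
    """Build a constructed route record with a starting local-pref of 100."""
    return {"as_path": as_path, "communities": communities, "local_pref": 100}

ROUTES = {  # constructed samples
    "asn_only": mk([64500, 1234], set()),
    "asn_and_eu": mk([64500, 1234], {(3030, 4040)}),
    "direct_and_eu": mk([64500, 64501], {(1010, 2020), (5050, 6060)}),
    "no_match": mk([64500, 64501], {(64500, 1)}),
}

def compare():
    """Return {name: (route-map result, consecutive-if result)}."""
    return {n: (route_map_first_match(r), consecutive_ifs(r)) for n, r in ROUTES.items()}

if __name__ == "__main__":
    for name, (rm, seq) in compare().items():
        print(f"{name:14} route-map={rm:<4} consecutive-ifs={seq:<4} {'DIFFERS' if rm != seq else ''}")
```

Routes matching a single condition come out the same either way; only the overlapping ones differ, which is where a filter that should keep first-match behaviour needs to return (or use else branches) after setting the preference.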