BGP inbound filtering based on origin as-path and communities - configuration review (moving from quagga to bird)
Maria Jan Matějka
jan.matejka at nic.cz
Thu Nov 15 15:23:56 CET 2018
On November 15, 2018 12:51:31 PM GMT+01:00, Shahan Agha <shahan.agha92 at gmail.com> wrote:
> In addition to the above, I forgot to highlight that I need to move it to
> Bird version 1.4.5.
>
> Thanks,
> Agha
>
> On Thu, 15 Nov 2018 at 12:23, Shahan Agha <shahan.agha92 at gmail.com> wrote:
>
> > Hi All,
> >
> > I am working on migrating some systems from quagga to bird and would like
> > to have some details regarding the filtering and how to set this up.
> > Currently we are doing inbound BGP filtering based on as-path access-lists,
> > prefix-lists and communities. Since I don't have much familiarity with Bird
> > and am more familiar with Cisco (quagga is quite similar), I would appreciate
> > it if the Bird configuration could be reviewed.
> >
> > *Currently on quagga we are doing it the following way: *
> > !
> > neighbor X.X.X.X route-map route-in in
> > !
> > route-map route-in permit 10
> > match as-path as-in
> > set local-preference 99
> >
> > ip as-path access-list as-in permit _ 1234 _
> > ip as-path access-list as-in permit _5678_
> > !
> > route-map route-in permit 11
> > match community route-in-direct
> > set local-preference 110
> >
> > ip community-list standard route-in-direct permit 1010:2020
> > !
> > route-map route-in permit 12
> > match community route-in-eu
> > set local-preference 121
> >
> > ip community-list standard route-in-eu permit 3030:4040
> > ip community-list standard route-in-eu permit 5050:6060
> > !
> > route-map route-in permit 13
> > !
> >
> > *Goals to achieve: *
> >
> > 1. Block my fixed public IP address block from being advertised back to me
> > in order to avoid any sort of loops
> > 2. If some traffic is originated from a specific origin ASN, like in Cisco
> > quagga the expression is _ 1234 _ , set their local preference to 110.
> > This needs to be done for multiple origin ASNs.
> > 3. Route received with one specific community should have its local
> > preference set to 110
> > 4. Set local preference to 99 matching specific set of communities.
> >
> > *Future Bird configuration: *
> >
> > function ebgp_in()
> > prefix set my_public;
> > {
> >   # Goal 1
> >   my_public = [ 12.13.14.0/22+ ];
> >   if net ~ my_public then return false;
> >
> >   # Goal 2 (one path mask per test: AS path contains 1234 or 4567)
> >   if (bgp_path ~ [= * 1234 * =]) || (bgp_path ~ [= * 4567 * =]) then {
> >     bgp_local_pref = 99;
> >   }
> >
> >   # Goal 3
> >   if bgp_community ~ [(1010,2020)] then {
> >     bgp_local_pref = 110;
> >   }
> >
> >   # Goal 4
> >   if bgp_community ~ [(3030,4040),(5050,6060)] then {
> >     bgp_local_pref = 121;
> >   }
> >
> >   return true;
> > }
> >
> > I would really appreciate if bird experts could help me with this. ;)
> >
> > Thanks,
> > Agha
> >
Just from a bus, shortly. We do not recommend moving to v1.4.5; that version is obsolete. Please use at least 1.6.3, or better 1.6.4, or even better 2.0.2.
There are no packages yet for the 2.x line; this should be fixed in the near future when 2.0.3 is released.
Thank you for your understanding.
Maria
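
Added example, not part of the original thread or of the BIRD or Quagga projects: a small Python model of the quoted Quagga route-map and the proposed BIRD function, showing where their evaluation order yields different local-preference values. The function names and sample routes are constructed for illustration, and "_ 1234 _" is assumed to mean "_1234_".

```python
# Constructed model of clause ordering only; it does not speak BGP.
AS_IN = {1234, 5678}               # Quagga list "as-in" ("_ 1234 _" read as "_1234_", an assumption)
BIRD_ASNS = {1234, 4567}           # ASNs written in the proposed BIRD filter
DIRECT = {(1010, 2020)}            # community-list route-in-direct
EU = {(3030, 4040), (5050, 6060)}  # community-list route-in-eu

def quagga_route_in(as_path, communities):
    """route-map route-in: the first matching permit clause sets the value and stops."""
    if AS_IN & set(as_path):            # permit 10
        return 99
    if DIRECT & set(communities):       # permit 11
        return 110
    if EU & set(communities):           # permit 12
        return 121
    return None                         # permit 13: accepted, local-pref untouched

def bird_ebgp_in(as_path, communities):
    """Proposed ebgp_in(): all three `if` blocks run, so the last match wins."""
    local_pref = None
    if BIRD_ASNS & set(as_path):
        local_pref = 99
    if DIRECT & set(communities):
        local_pref = 110
    if EU & set(communities):
        local_pref = 121
    return local_pref

# Constructed sample routes: (AS path, communities)
SAMPLE_ROUTES = [
    ([64500, 1234], [(1010, 2020)]),
    ([64500, 1234], [(3030, 4040)]),
    ([64500], [(1010, 2020), (5050, 6060)]),
    ([64500, 64501], []),
]

def mismatches(routes):
    """Return (as_path, communities, quagga_lp, bird_lp) where the two policies disagree."""
    out = []
    for as_path, communities in routes:
        q = quagga_route_in(as_path, communities)
        b = bird_ebgp_in(as_path, communities)
        if q != b:
            out.append((as_path, communities, q, b))
    return out

if __name__ == "__main__":
    for row in mismatches(SAMPLE_ROUTES):
        print(row)
```

Returning from the BIRD function inside each matched block, or chaining the tests with else, gives the first-match order of the route-map.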