BIRD 2.0.2 VPNv4 RD Filter
Hombach, Tobias
tobias.hombach at sap.com
Thu Oct 25 07:55:45 CEST 2018
Hi,
Is it possible in current BIRD 2.0.2 release to filter (more dynamically) VPNv4 prefixes based on RD? In our scenario, we want to use BIRD to connect large VPNv4 landscapes and want to filter prefixes based on RD on Route Server ingress.
I can extract RD from VPNv4 prefix with special operator '.rd'

    filter vpnv4_ingress
    {
        if (net.rd = 5000:200) then accept;
        reject;
    }

This is working but I don't want 1x if-statement per RD as we have lots of RDs. Any ranges or wildcards are not allowed. Something like '5000:200..299' does not work. Or '5000:*' also does not work. I tried to create a constant for a VPNv4 prefix to use it in a filter:

    function some_function()
    prefix set test;
    {
        test = [ 0:5000:200 10.0.0.0/24 ];
    }

Also not allowed. Creating a constant of data type 'vpnrd' did not work. Then I tried to handle the output of 'net.rd' as string to maybe use shell pattern.

    filter vpnv4_ingress
    string test;
    {
        test = "5000:20?";
        if net.rd ~ test then accept;
        reject;
    }

Results in error: "<ERR> filters, line 90: ~ applied on unknown type pair". Changing the if-statement to 'if net.rd = test then accept;' does work w/o error but all prefixes are filtered. The shell pattern is not working. I guess the output of 'net.rd' is not a string. I also cannot save 'net.rd' output in a string variable.
Last but not least. I have found an undocumented function 'format()'. This function seems to return a string and shell patterns work. I guess the function should not be used in production so I just used it for testing.

    define test = "5000:20?";
    filter vpnv4_ingress
    {
        if format(net.rd) ~ test then accept;
        reject;
    }

    <TRACE> some-router > added [best] 5000:200 200.200.200.0/24 unicast

But this works only once. As soon as I run 'configure' in BIRD client, BIRD does crash.

    <INFO> Reconfiguring
    <BUG> Unknown instruction 70 in same (F)

Long story short. Is there a best practice to filter VPNv4 based on RD? Or anything on the roadmap? Filtering on RT with Communities works fine but does not fit our purpose.
Thanks in advance!
Regards
Tobias
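
Added example, not part of the original post and not BIRD project code: a small Python generator that expands RD ranges into a filter built only from the `net.rd = ASN:NN` comparison the post reports as working, so the per-RD lines are generated rather than hand-written. The spec syntax (`ASN:N` or `ASN:LO..HI`), the function names and the expansion cap are assumptions of this example.

```python
import re

# Hypothetical spec syntax for this generator (not BIRD syntax):
#   "ASN:N"  or  "ASN:LO..HI"
_SPEC = re.compile(r"^(\d+):(\d+)(?:\.\.(\d+))?$")
MAX_EXPANSION = 10000  # assumed cap; refuses accidentally huge ranges


def expand_rds(specs):
    """Return a sorted, de-duplicated list of (asn, number) RD tuples."""
    rds = set()
    for spec in specs:
        m = _SPEC.match(spec.strip())
        if not m:
            # Wildcards such as "5000:*" are rejected instead of guessed at.
            raise ValueError(f"bad RD spec: {spec!r}")
        asn, lo = int(m.group(1)), int(m.group(2))
        hi = int(m.group(3)) if m.group(3) is not None else lo
        # RFC 4364: 2-byte ASN pairs with a 4-byte number, 4-byte ASN with 2-byte.
        limit = 0xFFFFFFFF if asn <= 0xFFFF else 0xFFFF
        if asn > 0xFFFFFFFF or hi > limit or hi < lo:
            raise ValueError(f"RD out of range: {spec!r}")
        if hi - lo + 1 > MAX_EXPANSION:
            raise ValueError(f"range too large to expand: {spec!r}")
        rds.update((asn, n) for n in range(lo, hi + 1))
    return sorted(rds)


def render_filter(name, specs):
    """Render a default-deny ingress filter with one accept line per RD."""
    lines = [f"filter {name}", "{"]
    for asn, n in expand_rds(specs):
        lines.append(f"    if (net.rd = {asn}:{n}) then accept;")
    lines += ["    reject;", "}"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample input: the range from the post plus one single RD.
    print(render_filter("vpnv4_ingress", ["5000:200..299", "6000:10"]))
```

The output can be written to a file pulled in from the main configuration; the trailing `reject;` keeps the filter default-deny for any RD not listed.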