Question for proper RPKI check integration in the bird v2.0.4 with Euro-IX Informational BGP communities

Irene Lalioti irene.lalioti at restena.lu
Wed Sep 25 16:24:29 CEST 2019


Děkuji moc Ondrej!

That was needed, because I had altered it initially to this after having
checked the ripe's slides

https://ripe78.ripe.net/wp-content/uploads/presentations/68-inex-ripe-reykjavik-rpki-2019-05-22.pdf

So the t_roa holds what exactly? not the variable of the route objects?


Thanks again ,

Hezký den!

Irene

On 9/25/19 4:14 PM, Ondrej Zajicek wrote:
> On Wed, Sep 25, 2019 at 11:36:20AM +0100, Barry O'Donovan wrote:
>> Hi Irene,
>>
>> looks like you're trying to put together a route server config?
>>
>> First thing that jumps out at me is you have "roa check" but it should
>> be "roa_check".
>>
>> We have full working sample configs that are used in our continuous
>> integration tests for IXP Manager - here's a v4 version which includes RPKI:
>>
>> https://github.com/inex/IXP-Manager/blob/master/data/travis-ci/known-good/ci-apiv4-b2-rs1-lan1-ipv4.conf
> Hi
>
> One note - for roa_check(), you should not use bgp_path.last_nonaggregated,
> you should use bgp_path.last, or better just use implicit form:
>
>  roa_check(t_roa)
>
> If there is AS_SET on end position, then result should be invalid if
> there are related ROAs, or unknown otherwise, (see RFC 6907), it should
> not be check based on neighboring (nonaggregated) ASN.
>
-- 
Irene Lalioti
Network Engineer
Fondation RESTENA
2, avenue de l'Université
L-4365 Esch/Alzette

Tel: +352 424409 1
Fax: +352 422473

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20190925/4dba75b6/attachment.htm>


More information about the Bird-users mailing list