Invalid ROA
Fabiano D'Agostino
fabiano.dagostino96 at gmail.com
Mon Apr 20 15:19:55 CEST 2020
Thanks, it worked. So the community isn't needed? I tried 'show route table
t_0002_as2 where bgp_large_community ~ [(1,1101,13)]' and it prints:
Table t_0002_as2:
On Mon 20 Apr 2020 at 15:00, Maria Matejka <maria.matejka at nic.cz> wrote:
> show route all filtered
>
> shows only routes from master4 and master6 tables
>
> to show routes from this protocol, use
>
> show route table t_0002_as2 all filtered
>
> Maria
>
> On 4/20/20 2:50 PM, Fabiano D'Agostino wrote:
> > Yes, I just enabled it:
> > protocol bgp {
> > ...
> > ipv4{
> > import keep filtered;
> > import limit 250 action restart;
> > import filter filter_rpki;
> > table t_0002_as2;
> > }
> > }
> >
> > RPKI is working because if I check the syslog I find the invalid printed
> > prefixes, but 'show route all filtered' doesn't show anything.
> >
> > On Mon 20 Apr 2020 at 14:05, Maria Matejka <maria.matejka at nic.cz> wrote:
> >
> > And do you have
> > import keep filtered;
> > in your config?
> > Maria
> >
> > On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> > > Hi,
> > > In my route server bird.conf I did this:
> > > define FILTERED_RPKI_INVALID = (1,1101,13);
> > >
> > > filter filter_rpki{
> > > if roa_check(..)=ROA_INVALID then
> > > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> > > }
> > >
> > > But when I do 'show route all filtered' I get nothing, I also tried with
> > > 'show route bgp_large_community ~ [(1,1101,13)]' and I have the same result.
> > > Because I would like to have some statistics about
> > > VALID/INVALID/UNKNOWN prefixes and I saw that I could use the 'show route
> > > stats' command.
> > >
> > > Thanks,
> > >
> > > Fabiano
> > >
> > > On Sun 19 Apr 2020 at 21:30, Alarig Le Lay <alarig at swordarmor.fr> wrote:
> > >
> > > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> > > > Thanks!
> > > > But can I also use birdc to check rejected prefixes?
> > >
> > > If you add a community, it will be visible with `show route all filtered`
> > >
> > > > Anyway why do you suggest to use bgp_path.last_nonaggregated?
> > >
> > > Because you don’t want to check ROA against another ASN in the
> > > aggregated path.
> > >
> > > --
> > > Alarig
> > >
> >
>
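
The pieces discussed in this thread, assembled into one BIRD 2 configuration as an added example (not code from the original messages). The ROA table name `r4`, the protocol names, the addresses and the AS numbers are placeholders assumed for illustration.

```bird
# Added example for BIRD 2.x. r4, rpki_validator, rs_peer_as2 and all
# addresses / AS numbers are placeholders, not values from the thread.
define FILTERED_RPKI_INVALID = (1, 1101, 13);

roa4 table r4;                 # filled by the RPKI-RTR session below
ipv4 table t_0002_as2;         # per-peer table, as used in the thread

protocol rpki rpki_validator {
    roa4 { table r4; };
    remote 192.0.2.10 port 3323;      # placeholder RTR server
}

filter filter_rpki {
    # Check the prefix against the last non-aggregated ASN in the path,
    # so an aggregator's ASN is not validated instead of the origin.
    if roa_check(r4, net, bgp_path.last_nonaggregated) = ROA_INVALID then {
        # Tag the reject reason before rejecting; the tag stays on the
        # filtered route because "import keep filtered" retains it.
        bgp_large_community.add(FILTERED_RPKI_INVALID);
        reject;
    }
    accept;
}

protocol bgp rs_peer_as2 {
    local as 64500;                   # placeholder
    neighbor 198.51.100.2 as 64502;   # placeholder
    ipv4 {
        table t_0002_as2;             # routes land here, not in master4
        import keep filtered;         # keep rejected routes for inspection
        import limit 250 action restart;
        import filter filter_rpki;
    };
}

# birdc queries. Without "table", only master4/master6 are searched;
# without "filtered", rejected routes are not listed.
#   show route table t_0002_as2 all filtered
#   show route table t_0002_as2 filtered where bgp_large_community ~ [(1,1101,13)]
#   show route table t_0002_as2 filtered count
```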