ROA with static protocol in BIRD 2

Robert Scheck bird at robert-scheck.de
Tue Feb 25 02:11:07 CET 2020


Good evening,

I wonder if there's a good, full example about ROA with static protocol in
BIRD 2. The following snippet is only for BIRD 1.x, right?

--- %< ---
roa table roa {
  roa 1.0.0.0/24 max 24 as 13335;
  # […]
}
--- %< ---

Based on various snippets and half examples on the Internet, I've made this
currently:

--- %< /etc/bird.conf %< ---
# […]

roa4 table roa_v4;
roa6 table roa_v6;
include "/var/lib/rpki-client/bird2";

function reject_invalid_roa() {
  if (force_roa_table_update > 0) then {
    if (net.type = NET_IP4) then {
      case roa_check(roa_v4, net, bgp_path.last) {
        ROA_INVALID:
          reject;
#        ROA_VALID:
#        ROA_UNKNOWN:
      }
    }

    if (net.type = NET_IP6) then {
      case roa_check(roa_v6, net, bgp_path.last) {
        ROA_INVALID:
          reject;
#        ROA_VALID:
#        ROA_UNKNOWN:
      }
    }
  }
}

# […]
--- %< /etc/bird.conf %< ---

Note that /var/lib/rpki-client/bird2 is generated on a regular basis.

--- %< /var/lib/rpki-client/bird2 %< ---
define force_roa_table_update = 1582237716;

protocol static {
  roa4 { table roa_v4; };

  route 1.0.0.0/24 max 24 as 13335;
  # […]
}

protocol static {
  roa6 { table roa_v6; };

  route 2001:200::/32 max 32 as 2500;
  # […]
}
--- %< /var/lib/rpki-client/bird2 %< ---

This however raises the following questions for me:

 - Is this good style at all?
 - Should "roa4 table roa_v4; roa6 table roa_v6;" be moved to the include?
 - To cover IPv4 and IPv6, I need two different tables and two different
   static protocols, and there is no way using one table/channel, right?
 - Is "define force_roa_table_update = 1582237716;" still needed with BIRD
   2.0.7 to ensure proper revalidation?
 - Some use "bgp_path.last_nonaggregated", some "bgp_path.last". What is
   more suitable here?
 - Is "birdc configure soft && birdc reload in all" the only/best way?


Regards,
  Robert
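
The three `roa_check` results used in the filter above, as an added example that is not part of the original post and not BIRD's own code: a Python model of RFC 6811 origin validation that reads `route ... max ... as ...;` lines in the include-file format shown and classifies announcements. The names `parse_vrps`, `roa_check` and `SAMPLE`, and the test announcements, are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the include-file format shown in the post.
SAMPLE = """
protocol static {
  roa4 { table roa_v4; };
  route 1.0.0.0/24 max 24 as 13335;
}
protocol static {
  roa6 { table roa_v6; };
  route 2001:200::/32 max 32 as 2500;
}
"""

ROUTE_RE = re.compile(r"^\s*route\s+(\S+)\s+max\s+(\d+)\s+as\s+(\d+)\s*;", re.M)

def parse_vrps(text):
    """Return (network, max_length, asn) tuples from 'route ... max ... as ...;' lines."""
    vrps = []
    for prefix, maxlen, asn in ROUTE_RE.findall(text):
        net = ipaddress.ip_network(prefix, strict=True)  # rejects host bits set
        maxlen = int(maxlen)
        if not net.prefixlen <= maxlen <= net.max_prefixlen:
            raise ValueError(f"bad max length for {prefix}: {maxlen}")
        vrps.append((net, maxlen, int(asn)))
    return vrps

def roa_check(vrps, prefix, origin_asn):
    """RFC 6811: UNKNOWN if no entry covers the prefix, VALID if a covering
    entry matches origin AS and max length, INVALID otherwise."""
    route = ipaddress.ip_network(prefix)
    covered = False
    for net, maxlen, asn in vrps:
        if net.version != route.version or not route.subnet_of(net):
            continue
        covered = True
        # An entry for AS 0 covers the prefix but can never match an origin.
        if asn == origin_asn and asn != 0 and route.prefixlen <= maxlen:
            return "ROA_VALID"
    return "ROA_INVALID" if covered else "ROA_UNKNOWN"

if __name__ == "__main__":
    table = parse_vrps(SAMPLE)
    for pfx, asn in [("1.0.0.0/24", 13335), ("1.0.0.0/24", 64496),
                     ("1.0.0.0/25", 13335), ("192.0.2.0/24", 64496),
                     ("2001:200::/32", 2500), ("2001:200:1::/48", 2500)]:
        print(pfx, asn, roa_check(table, pfx, asn))
```

A more-specific announcement from the correct origin (`1.0.0.0/25` from AS 13335) is still ROA_INVALID because it exceeds the max length, which is the case a filter that rejects only ROA_INVALID is meant to catch.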

