BIRD - RoA with aggregated prefixes - issue
Ondrej Zajicek
santiago at crfreenet.org
Mon Jul 13 12:19:07 CEST 2020
On Mon, Jul 13, 2020 at 09:32:16AM +0300, Javor Kliachev wrote:
>
>
> Hello,
>
> We're using BIRD 1.6.4 as Route Server.
>
>
> Recently we have implemented ROA prefix validation but we have hit the issue with prefixes that are aggregated only.
>
> What do I mean: When the prefix is aggregate and has something like 1234 { 10, 20 } in AS_PATH in last asn, bgp_path.last value returns zero ( 0 ). As result of this we just discarding such prefixes.
> ...
> Could someone BIRD developer to suggest some solution for this issue?
> Thanks in advance!
Hi
This is expected behavior, see RFC 6907 7.1.9:
Comment: In the spirit of [RFC6472], any route with an AS_SET in it
should not be considered valid (by ROA-based validation). If the
route contains an AS_SET and a covering ROA prefix exists for the
route prefix, then the route should get an Invalid status.
(Note: AS match or mismatch consideration does not apply.)
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
More information about the Bird-users
mailing list