RPKI validation state community not reflected

Alarig Le Lay alarig at swordarmor.fr
Thu May 7 22:28:59 CEST 2020


Hi,

I’m facing a weird situation where a BIRD receives a prefix from one
session, adds the community for the RPKI state, but doesn’t reflect it to
an rr client.

It’s the exact same case as
https://puck.nether.net/pipermail/cisco-nsp/2020-May/107542.html
(although I’m not trying to debug the Cisco here :D)
I’m just on the BIRD part while Pierre is on the Cisco part.

Here is some complementary output from BIRD:

bird> show protocols all ibgp_nominoe_ipv4
Name       Proto      Table      State  Since         Info
ibgp_nominoe_ipv4 BGP        ---        up     2020-04-26    Established
  Description:    fullmesh iBGP
  BGP state:          Established
    Neighbor address: 89.234.186.33
    Neighbor AS:      204092
    Local AS:         204092
    Neighbor ID:      89.234.186.33
    Local capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      Graceful restart
      4-octet AS numbers
      Enhanced refresh
      Long-lived graceful restart
    Neighbor capabilities
      Multiprotocol
        AF announced: ipv4
      Route refresh
      4-octet AS numbers
      Enhanced refresh
    Session:          internal multihop route-reflector AS4
    Source address:   89.234.186.34
    Hold timer:       171.386/180
    Keepalive timer:  38.337/60
  Channel ipv4
    State:          UP
    Table:          master4
    Preference:     100
    Input filter:   (unnamed)
    Output filter:  (unnamed)
    Routes:         99289 imported, 0 filtered, 721270 exported, 97651 preferred
    Route change stats:     received   rejected   filtered    ignored   accepted
      Import updates:        2734159          0          0     394005    2340154
      Import withdraws:     14320933          0        ---   13300654    1020279
      Export updates:       12994153    2019568         20        ---   10974565
      Export withdraws:       414224        ---        ---        ---     636177
    BGP Next hop:   89.234.186.34
    IGP IPv4 table: master4

bird>

template bgp iBGP_IPv4 {
        local as 204092;

        ipv4 {
                import where source = RTS_BGP;
                import keep filtered;
                import filter {
                        if ((65535,666) ~ bgp_community ||
                            (204092,65535,666) ~ bgp_large_community) then {
                                dest = RTD_BLACKHOLE;
                                accept;
                        }
                        else {
                                accept;
                        }
                };

                export where source = RTS_BGP;

                gateway recursive;
        };

        rr client;
}

protocol bgp ibgp_nominoe_ipv4 from iBGP_IPv4 {
        description "fullmesh iBGP";

        neighbor 89.234.186.33 as 204092;

        ipv4 {
                export filter {
                        if (source != RTS_BGP) then {
                                reject;
                        }
                        else {
                                bgp_large_community.add((204092,204092,100));
                                bgp_community.add((64496,2150));
                                accept;
                        }
                };
        };
}

I’m not seeing anything that should remove this community from the
filters, but we do not receive it on the other side (tried with another
BIRD too).

Is it an expected behaviour or am I missing something obvious there?

Thanks,
-- 
Alarig Le Lay

