No ASN in output when checking invalids ROAs with as-set

Ondrej Zajicek santiago at crfreenet.org
Tue Feb 16 01:36:20 CET 2021


On Mon, Feb 15, 2021 at 06:51:18PM -0500, Darren O'Connor wrote:
> When checking ROAs, and the source ASN happens to have an AS-SET, bird does
> not output the ASN itself.

The output does not depend on filter expression (that is just used to
specify which routes to print, unless the filter explicitly modifies
routes). The output is (and is supposed to be) the same as the output
of 'show route' (for given table and network).

Also note that using roa_check(.., bgp_path.last_nonaggregated) is
discouraged, proper RPKI check as defined ny appropriate RFCs is
done with roa_check(roa_v4, net, bgp_path.last), or just
roa_check(roa_v4).

-- 
Elen sila lumenn' omentielvo

Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."


More information about the Bird-users mailing list