No ASN in output when checking invalids ROAs with as-set

Darren O'Connor mellow.drifter at gmail.com
Tue Feb 16 01:56:45 CET 2021


Thanks Ondrej.

I'm not fully understanding your first point. When doing a show route, I do
indeed see only [?] for 185.186.206.0/24 - But is this view 'correct'?
Basically I'm trying to collect a list of ASNs originating invalids but if
any of them have as-sets in them there is no easy way to check. I'd have to
first find all invalids, then any invalid without an ASN do a second 'all'
lookup to see which ASN was actually advertising that prefix.

As for the check, I wasn't aware that "roa_check(roa_v4)" alone would work
but it looks good so I'll switch to that. Thanks!

D

On Mon, 15 Feb 2021 at 19:36, Ondrej Zajicek <santiago at crfreenet.org> wrote:

> On Mon, Feb 15, 2021 at 06:51:18PM -0500, Darren O'Connor wrote:
> > When checking ROAs, and the source ASN happens to have an AS-SET, bird does
> > not output the ASN itself.
>
> The output does not depend on filter expression (that is just used to
> specify which routes to print, unless the filter explicitly modifies
> routes). The output is (and is supposed to be) the same as the output
> of 'show route' (for given table and network).
>
> Also note that using roa_check(.., bgp_path.last_nonaggregated) is
> discouraged, proper RPKI check as defined by appropriate RFCs is
> done with roa_check(roa_v4, net, bgp_path.last), or just
> roa_check(roa_v4).
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>
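
Added example, not part of the original thread and not BIRD code: a small model of RFC 6811 origin validation showing why a path ending in an AS_SET has no origin ASN to report, and how validating against the last non-aggregated ASN can give a different verdict. The prefix, ASNs, ROA and the last_nonaggregated() model are constructed assumptions.

```python
import ipaddress

# Constructed sample data: documentation prefix and reserved ASNs.
ROAS = [("192.0.2.0/24", 24, 64500)]  # (ROA prefix, max length, ASN)
PATH_PLAIN = [("seq", [64510, 64500])]
PATH_AGGR = [("seq", [64510, 64500]), ("set", [64501, 64502])]

def origin_rfc6811(path):
    """Origin per RFC 6811: rightmost AS of the final segment if that segment
    is an AS_SEQUENCE, otherwise None (the RFC's distinguished value NONE)."""
    if not path:
        return None  # simplification: the RFC uses the local AS for an empty path
    kind, asns = path[-1]
    return asns[-1] if kind == "seq" else None

def last_nonaggregated(path):
    """Last ASN before the first AS_SET (assumed model, not BIRD's code)."""
    last = None
    for kind, asns in path:
        if kind == "set":
            break
        last = asns[-1]
    return last

def rov(prefix, origin, roas=ROAS):
    """Return 'valid', 'invalid' or 'unknown' for a route and origin ASN."""
    net = ipaddress.ip_network(prefix)
    covered = False
    for roa_prefix, max_len, asn in roas:
        roa_net = ipaddress.ip_network(roa_prefix)
        if net.version != roa_net.version or not net.subnet_of(roa_net):
            continue
        covered = True  # at least one ROA covers the route
        # An origin of None (AS_SET at the end) can never match a ROA.
        if origin is not None and asn != 0 and asn == origin \
                and net.prefixlen <= max_len:
            return "valid"
    return "invalid" if covered else "unknown"

def compare(prefix, path):
    """Verdict with the RFC 6811 origin vs. the last non-aggregated ASN."""
    return {
        "rfc6811": rov(prefix, origin_rfc6811(path)),
        "last_nonaggregated": rov(prefix, last_nonaggregated(path)),
    }

if __name__ == "__main__":
    print(compare("192.0.2.0/24", PATH_AGGR))
```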