bgp_large_community wildcard in conditional

Ross Tajvar ross at tajvar.io
Sun Oct 17 23:06:41 CEST 2021 

This worked, thank you!

It may be better to throw a syntax error and refuse to load (or reload) the
configuration than to just accept it but to log errors at runtime...after I
made this change, my filter started rejecting all routes and it took me a
lot of troubleshooting to understand why.

On Sun, Oct 17, 2021 at 7:53 AM Ondrej Zajicek <santiago at crfreenet.org>
wrote:

> On Sun, Oct 17, 2021 at 04:58:06AM -0400, Ross Tajvar wrote:
> > Even using the correct syntax as described by Ondrej I am not able to get
> > this to work. When I try, I get the following error in my logs:
> >
> > > filters, line 117: ~ applied on unknown type pair
> >
> >
> > I am trying to build filters that check multiple things, add a community
> > for each thing (if it is true), then reject the route if any of the
> > communities exist. It doesn't seem like it's possible to check if any
> > member of a set is in another set - only if a particular element is in
> > another set.
> >
> > I.e. I can do
> > (1,2,3) ~ bgp_large_community
> > but not
> > [(1,2,*)] ~ bgp_large_community.
>
> It should be  bgp_large_community ~ [(1,2,*)].
>
> In the first case the meaning is whether (1,2,3) is a member of
> bgp_large_community, while in the second is whether any community from
> bgp_large_community is a member of set [(1,2,*)].
>
>
> > On Thu, Oct 29, 2020 at 2:49 PM Ondrej Zajicek <santiago at crfreenet.org>
> > wrote:
> >
> > > On Thu, Oct 29, 2020 at 10:00:58AM -0400, Brooks Swinnerton wrote:
> > > > Hello,
> > > >
> > > > I was wondering if it's possible to create a conditional that
> matches on
> > > a
> > > > wildcard for a part of a BGP large community. For example:
> > > >
> > > > if ([*, 600, 6939]) ~ bgp_large_community then
> > > >   reject;
> > >
> > > Hello
> > >
> > > Note that it would be [(*, 600, 6939)], not ([*, 600, 6939]).
> > >
> > > But for large communities, BIRD allows wildcard only on the more
> specific
> > > part.
> > > You can have [(64496, 600, *)], [(64496, *, *)] or even [(*, *, *)],
> but
> > > not
> > > [(*, 600, 6939)].
> > >
> > > Also, wildcard (*, 600, 6939) does not really make sense, as meaning of
> > > the second and third part is determined by the first (global admin),
> and
> > > may be different for different first parts.
> > >
> > > --
> > > Elen sila lumenn' omentielvo
> > >
> > > Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> > > OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net
> )
> > > "To err is human -- to blame it on a computer is even more so."
> > >
>
> --
> Elen sila lumenn' omentielvo
>
> Ondrej 'Santiago' Zajicek (email: santiago at crfreenet.org)
> OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
> "To err is human -- to blame it on a computer is even more so."
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20211017/f462fcd5/attachment.htm>

More information about the Bird-users mailing list