BGP Confederation Internal ASN Filtering and is_bogon() Functionality in New BIRD Version

Sat Jun 1 16:50:38 CEST 2024

Hi Maria,

Thanks for the reply

23.172.216.0/24      unicast [I_ZJ1 10:32:48.661 from 2a13:aac7:13:7::2] *
(100) [AS398741i]
        via 10.0.29.2 on CN-ZJ1
        Type: BGP univ
        BGP.origin: IGP
        BGP.as_path: 398741 60539 60539 (65000) 60539 398741
        BGP.next_hop: 10.0.29.2
        BGP.med: 101
        BGP.local_pref: 400
        BGP.large_community: (60539, 2, 1) (60539, 6, 65000) (60539, 6,
52000)

After I enabled is_bogon() function, this route from our downstream would
be filtered.

function is_bogon() {
   if is_bogon_asn() then return true;
   if is_bogon_prefix() then return true;
   if net_len_too_long() then return true;
   return false;
}

function bgp_export()
{
   # my_opt_prefix();
   if is_bogon() then return false; #关闭以防止过滤bgp conf的内部ASN
   if bgp_large_community ~ [(LOCAL_ASN, 4, NODE_ID)] then return false;
   if is_local_prefix()  then return true;
   # if proto = "BGP_Prefix_play" then return true;
   if source != RTS_BGP then return false;
   if bgp_large_community !~ [(LOCAL_ASN, 2, 1)] then return false;
   return true;
}

I always remember that in BIRD, BGP Confederation internal ASNs cannot be
counted in bgp_path.len. But BGP Confederation internal ASNs can be treated
as 'normal' ASNs for filtering?

Best,
*Brandon Zhi*
HUIZE LTD
www.huize.asia  <https://huize.asia/>| www.ixp.su | Twitter

This e-mail and any attachments or any reproduction of this e-mail in
whatever manner are confidential and for the use of the addressee(s) only.
HUIZE LTD can’t take any liability and guarantee of the text of the email
message and virus.

On Sat, 1 Jun 2024 at 22:36, Maria Matejka <maria.matejka at nic.cz> wrote:

> Hello Brandon,
>
> On Thu, May 30, 2024 at 09:52:53PM +0800, Brandon Zhi wrote:
>
> I am writing to inquire about the capabilities of the new version of BIRD
> regarding BGP Confederation internal ASNs. Specifically, I would like to
> know:
>
>    1. Can the new BIRD version filter BGP Confederation internal ASNs?
>    2. Does it support calculating the total AS path length, including
>    internal ASNs within a BGP Confederation?
>
> You are probably looking for something like bgp_path.filter() or
> bgp_path.len, or maybe for int p in bgp_path do { … }
>
> Additionally, I have encountered an issue while using the is_bogon()
> function. It currently filters a route with the AS path (65000) 398741. I
> suspect this is because (65000) is being treated as a BOGON ASN.
>
> Below is the define BOGON_ASNS I am using:
>
> define BOGON_ASNS = [
>     0,                      # RFC 7607
>     23456,                  # RFC 4893 AS_TRANS
>     64496..64511,           # RFC 5398 and documentation/example ASNs
>     64512..65534,           # RFC 6996 Private ASNs
>     65535,                  # RFC 7300 Last 16 bit ASN
>     65536..65551,           # RFC 5398 and documentation/example ASNs
>     65552..131071,          # RFC IANA reserved ASNs
>     4200000000..4294967294, # RFC 6996 Private ASNs
>     4294967295              # RFC 7300 Last 32 bit ASN
> ];
>
> Yes, this includes 65500. I can’t see your is_bogon() function definition
> though so I can’t help you more.
>
> Hoping that this helps.
>
> Maria
>
> – Maria Matejka (she/her) | BIRD Team Leader | CZ.NIC, z.s.p.o.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20240601/60a65fbd/attachment.htm>