On Fri, Dec 24, 2010 at 11:07:41PM +0200, Alexander Shikoff wrote: > Some days ago our IXP received a connection request from customer with 32bit > > ASN. We use the same BGP policy as many other IXes do: > > 0:XXXXX - Do not announce route to peer XXXXX > 0:MyASN - Do not announce route to all peers > MyASN:XXXXX - Announce route to peer XXXXX only > MyASN:MyASN - Announce routes to all peers. This community is > automatically added to all routes that are not > tagged with any of MyASN:XXXXX communities. > ... > > The idea is to store high 16 bits and low 16 bits of ASN separately > in two communities, for example: > 65000:0x0003, 0:0x02D7 - Do not announce prefix to peer with ASN 0x000302D7 > Then put a check of 65000:* in filter.
This could not really work. By old convention, if i would like to not announce the route to peers 3, 5 and 7, i would add communities (0,3), (0,5) and (0,7). But by your convention, if i would like to not announce the route to peers 0x000201A3 and 0x000302D7, i would add (65000,0x0002), (0,0x01A3), (65000,0x0003) and (0,0x02D7), But that would also block announcing to 0x000301A3 and 0x000202D7. One possible way to do that is not to try handle full 32bit ASNs, but perhaps just ~ 24bit ASNs and use communities (65000..65255,*) for "(65000+X,Y) - Do not announce to peer X*65536+Y" and similarly communities (65256..65511,*) for: "(65256+X,Y) - Announce to peer X*65536+Y only". -- Elen sila lumenn' omentielvo Ondrej 'SanTiago' Zajicek (email: [email protected]) OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net) "To err is human -- to blame it on a computer is even more so."
signature.asc
Description: Digital signature
