On Thu, Apr 05, 2012 at 03:21:52PM +0200, Lex van Roon wrote:
> Hi All,
>
> I'm building a s/RTBH setup based on bird 1.3.7. I'm using a single
> route injector which has iBGP peerings with my route-reflector cluster.
> The setup looks like this (with the injector running on
> OpenBSD-4.9/Alpha and router* running on Debian Squeeze amd64 if that
> matters):
>
>           [injector]
>            /      \
>           /        \
>          /          \
>    [router 1]    [router 2]
>
> On the injector, I configure static routes, which I export over BGP. I
> want to tag these prefixes with a BGP community, so I can nullroute the
> IP's on my route-reflectors and all routers that are connected to this
> cluster.
...
> My questions:
>
> 1) First, are these configuration snippets and command output enough to
> assist in these questions?
> 2) Is it possible to set a BGP community on a static route which is
> being exported over BGP? The example in the docs(*) says I should be
> able to do this.
> 3) Am I doing something wrong in this setup that is causing the BGP
> community not being set?
> 4) Is there a more intelligent way to get this to work? Imho, using a
> BGP community is the cleanest and most generic way to implement this,
> but I want this to be set on the injector, and not on my RR cluster.

Yes, this is a proper way to do this, setting bgp_community in this way
should work, and in my test setup that config and those commands work as
expected. There are some steps you could try to find the problem:

1) Check the log to see if there is no filter error report.

2) Restart the injector to see if the config is really used.

3) Remove the import filter on router_* (use import all) to see whether
the problem is only in the 'birdc show route export router_1 all' command
or also in the real export (it is independently computed).

4) You could try to move setting bgp_community to the import filter of
the static protocol 'blacklist'; in that case the community should be seen
even with 'birdc show route 1.2.3.4/32 all'. But the position in the
export filter of bgp should work too.

5) Send me the full config, I will check if there isn't some other problem
that might be related.

6) You could try another architecture for the injector, perhaps there is
some obscure problem in BIRD on Alphas.

BTW, resetting the BGP community with 'bgp_community = -empty-;' is not
necessary, it is implicitly handled as empty, but should not harm anyway.

-- 
Elen sila lumenn' omentielvo

Ondrej 'SanTiago' Zajicek (email: [email protected])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
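Step 4 of the reply as an injector-side configuration sketch for BIRD 1.3.x. This is an added example, not part of the original message and not Lex's actual config (which the thread elides). The AS number 65000, the community (65000,666) and the neighbor address 192.0.2.1 are assumed placeholders; the protocol names and the 1.2.3.4/32 prefix are the ones mentioned in the thread.

```bird
# Added example; AS number, community value and neighbor address are
# assumed placeholders, not values from the thread.

protocol static blacklist {
    # Tag each blackhole route as it enters the routing table, so the
    # community is already attached before any BGP export filter runs.
    import filter {
        bgp_community.add((65000,666));
        accept;
    };

    # One static entry per address to be null-routed.
    route 1.2.3.4/32 drop;
}

protocol bgp router_1 {
    local as 65000;
    neighbor 192.0.2.1 as 65000;   # iBGP session to the route reflector

    # The injector only announces; it learns nothing from the cluster.
    import none;

    # Export only routes that came from the blacklist protocol, so no
    # other route on the injector can leak into the RTBH feed.
    export where proto = "blacklist";
}
```

With the tag applied in the static protocol's import filter, 'birdc show route 1.2.3.4/32 all' on the injector shows the community directly, which separates a filter problem from a problem in the export path.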
