Thanks for the function optimization. This does indeed make it simpler! I also believe I had misunderstood the documentation when I expected this to work - obviously "ip" and "prefix" are different types, and now that I've re-read the documentation on the ~ operator - "it can be used on element and set of elements of the same type "
My apologies. I appreciate the patch and will apply it shortly. Thanks, -JJ On Fri, Nov 8, 2013 at 3:58 AM, Sergey Popovich <popovich_ser...@mail.ru>wrote: > В письме от 7 ноября 2013 16:05:50 пользователь John Jensen написал: > > Hi, > > > > We're about to migrate our exchange to a /23 and we're likely going to do > > it over time. I have a simple filter in place to check and make sure that > > the NEXT_HOP is within our exchange's subnet. Originally it looked like > > this: > > > > function check_ixp_next_hop(ip nexthop) > > prefix ixpnet; > > { > > ixpnet = x.x.x.x/24; > > if ! (nexthop ~ ixpnet) then return false; > > return true; > > } > > > > > > And then within the inbound filter for each peer's ASN: > > > > if ! (check_ixp_next_hop(bgp_next_hop)) then reject; > > > > > > Since we're going to be caring about two distinct prefixes while we > perform > > the migration, I changed the filter to look like this: > > > > function check_ixp_next_hop(ip nexthop) > > prefix set ixpnet; > > { > > ixpnet = [ x.x.x.x/24, y.y.y.y/23 ]; > > Also, pay attention, you should use something like > > ixpnet = [ x.x.x.x/24+, y.y.y.y/23+ ]; > > To match subnets. > > > if ! (nexthop ~ ixpnet) then return false; > > return true; > > } > > > > Even simpler: > ------------- > > function check_ixp_next_hop(ip nexthop) > { > return nexthop ~ [ x.x.x.x/24+, y.y.y.y/23+ ]; > } > > -- > SP5474-RIPE > Sergey Popovich > >