Hello Chris,
Thank you for your config. Looks much better. Still I have know error...
bird> conf check
Reading configuration from /etc/bird/bird.conf
/etc/bird/bird.conf, line 121: Value 205082 out of range (0-65535)
...but not in main section of filter. It is only here now:
# Remove IXP related communities
#(...)
bgp_community.delete([(myas,*)]);
Only this one line. Once commented - no errors in filter reported. Is there
any fix for it?
Rgrds,
Peter
-----Oryginalna wiadomość-----
From: Chris Caputo
Sent: Monday, January 22, 2018 2:25 PM
To: Piotr Marciniak
Cc: [email protected]
Subject: Re: Community for small IX - problem with 4B ASN
1. Is it possible to enable 4B ASn for communities in Bird? Will it work
with other rouers?
2. Can we use instead private ASn just for community filters? Are they
processed corretly by other Internet routers of our peers?
1. Yes.
2. I don't recommend it.
To see the communities supported by the SIX route servers, refer to:
https://www.seattleix.net/route-servers#communities
Below is how we do it with bird 1.6.3. Not sure about 2.0+.
I hope this helps and feedback from the community is welcome.
Chris
---
define myas = SET TO IXP ASN;
define peerPrepend1 = 65001;
define peerPrepend2 = 65002;
define peerPrepend3 = 65003;
# BGP output filter (based on communities)
# Returning false means don't propagate route to peeras.
# Returning true means do propagate route to peeras.
function bgp_out_comm(int peeras)
{
if ! (source = RTS_BGP ) then return false;
if (myas,0,peeras) ~ bgp_large_community then return false;
if (myas,1,peeras) ~ bgp_large_community then return true;
if (myas,0,0) ~ bgp_large_community then return false;
if peeras > 65535 then
{
if (ro,0,peeras) ~ bgp_ext_community then return false;
if (ro,myas,peeras) ~ bgp_ext_community then return true;
if ((ro,0,myas) ~ bgp_ext_community) then return false;
} else {
if ((0,peeras) ~ bgp_community) || ((ro,0,peeras) ~ bgp_ext_community)
then return false;
if ((myas,peeras) ~ bgp_community) || ((ro,myas,peeras) ~
bgp_ext_community) then return true;
if ((0,myas) ~ bgp_community) || ((ro,0,myas) ~ bgp_ext_community) then
return false;
}
return true;
}
function bgp_out(int peeras)
{
if !bgp_out_comm(peeras) then return false;
# Prepends
if peeras > 65535 then
{
if ((ro,peerPrepend1,peeras) ~ bgp_ext_community) ||
((myas,peerPrepend1,peeras) ~ bgp_large_community) then {
bgp_path.prepend(bgp_path.first);
}
if ((ro,peerPrepend2,peeras) ~ bgp_ext_community) ||
((myas,peerPrepend2,peeras) ~ bgp_large_community) then {
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
}
if ((ro,peerPrepend3,peeras) ~ bgp_ext_community) ||
((myas,peerPrepend3,peeras) ~ bgp_large_community) then {
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
}
} else {
if ((peerPrepend1,peeras) ~ bgp_community) || ((ro,peerPrepend1,peeras)
~ bgp_ext_community) || ((myas,peerPrepend1,peeras) ~ bgp_large_community)
then {
bgp_path.prepend(bgp_path.first);
}
if ((peerPrepend2,peeras) ~ bgp_community) || ((ro,peerPrepend2,peeras)
~ bgp_ext_community) || ((myas,peerPrepend2,peeras) ~ bgp_large_community)
then {
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
}
if ((peerPrepend3,peeras) ~ bgp_community) || ((ro,peerPrepend3,peeras)
~ bgp_ext_community) || ((myas,peerPrepend3,peeras) ~ bgp_large_community)
then {
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
bgp_path.prepend(bgp_path.first);
}
}
# Remove IXP related communities
bgp_community.delete([(0,*)]);
bgp_community.delete([(myas,*)]);
bgp_community.delete([(peerPrepend1,*)]);
bgp_community.delete([(peerPrepend2,*)]);
bgp_community.delete([(peerPrepend3,*)]);
bgp_ext_community.delete([(ro,0,*)]);
bgp_ext_community.delete([(ro,myas,*)]);
bgp_ext_community.delete([(ro,peerPrepend1,*)]);
bgp_ext_community.delete([(ro,peerPrepend2,*)]);
bgp_ext_community.delete([(ro,peerPrepend2,*)]);
bgp_large_community.delete([(myas,*,*)]);
return true;
}
On Mon, 22 Jan 2018, Piotr Marciniak wrote:
Dear Advisors ;],
Thank you for all posts. But still I do not know how to make Bird working
with
4B communities and if I may do this - whether it will be accepted for our
peers? In short - I do not know how to adapt to 4B communities following
examples:
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_multiple_RIBs
https://gitlab.labs.nic.cz/labs/bird/wikis/Route_server_with_community_based_filtering_and_single_RIB
Is there any way to enable 4B communities in bird.conf?
I do not have any problem with 4B ASn. I set bgp peering sessions from
Bird
with 4B ASn. Even our IX has AS205082.
This is why I put 2 questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it work
with other rouers?
2. Can we use instead private ASn just for community filters? Are they
processed corretly by other Internet routers of our peers?
Please - do not explain me theoretical difference between 16 and 32 bits.
Question is simple - can I use 4B communities for filters? If not - what
16bit
"fake ASn" I can use instead safely?
Best wishes,
Piotr Marciniak
-----Oryginalna wiadomość----- From: Paweł Nastachowski
Sent: Monday, January 22, 2018 1:12 PM
To: Piotr Marciniak
Cc: [email protected]
Subject: Re: Community for small IX - problem with 4B ASN
Hi Piotr,
I should use extended community for 4B ASN, because normal community is
too
small “Encodes a 32-bit value displayed as “16-bit ASN:16-bit value”.
Regards,
Pawel
-----Wiadomość oryginalna-----
Od: Bird-users <[email protected]> w imieniu użytkownika Piotr
Marciniak <[email protected]>
Data: poniedziałek, 22 stycznia 2018 11:15
Do: "[email protected]" <[email protected]>
Temat: Community for small IX - problem with 4B ASN
Hello,
I've spent a while on below docs and faced a problem with 4B ASN we
use.
Bird reports an error 'when 'myas' is 4B => so above 65535.
See some testing example below:
bird> configure
Reading configuration from /etc/bird/bird.conf
/etc/bird/bird.conf, line 81: Value 165250 out of range (0-65535)
The only way this config reports no error is to set here private ASn -
fe.
65250. But it will never match our real ASn.
Two questions:
1. Is it possible to enable 4B ASn for communities in Bird? Will it
work
with other rouers?
2. Can we use instead private ASn just for community filters? Are they
processed corretly by other Internet routers of our peers?
Or maybe there is another work around?
Best wishes,
Peter
-----Oryginalna wiadomość-----
From: Piotr Marciniak
Sent: Friday, December 29, 2017 5:01 PM
To: Ondrej Zajicek
Cc: [email protected]
Subject: Re: Community for small IX
There are some examples in BIRD wiki, mainly:
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fmultiple-5FRIBs&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=2UgZOD_Fkqt6ZgVqlXm_vXRiY1LP_MTlkWo-TGVqAtE&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__gitlab.labs.nic.cz_labs_bird_wikis_Route-5Fserver-5Fwith-5Fcommunity-5Fbased-5Ffiltering-5Fand-5Fsingle-5FRIB&d=DwIDaQ&c=gxW9PgscCAGwFImBgfkGkoANogu61GVPNv0sglxAtik&r=5Q01PsGCLGh5Iipn2_EFz2pKmXKRl5oJ_tHzyrwTUhrj4D27CXd9SGXgnGWoH5Yy&m=b6e1rT2mu_bWkZiOT-71FnOGwrXSx-xnpaRwbI3-BFI&s=KjVYea-iJRNl8BxFQFgkEeHLWFK8qwenAm_GRJDH4Q4&e=
--
Elen sila lumenn' omentielvo
Ondrej 'Santiago' Zajicek (email: [email protected])
OpenPGP encrypted e-mails preferred (KeyID 0x11DEADC3, wwwkeys.pgp.net)
"To err is human -- to blame it on a computer is even more so."
This email is from Equinix (EMEA) B.V. or one of its associated companies
in
the territory from where this email has been sent. This email, and any
files
transmitted with it, contains information which is confidential, is solely
for
the use of the intended recipient and may be legally privileged. If you
have
received this email in error, please notify the sender and delete this
email
immediately. Equinix (EMEA) B.V.. Registered Office: Amstelplein 1, 1096
HA
Amsterdam, The Netherlands. Registered in The Netherlands No. 57577889.
