Hi,
Thank you very much for the fast response.
The patch has completely fixed the issue!
One more question about the ROA:
Is it possible to use roa_check() into another function and first
parameter of the roa_check to be some argument like peer_as for an example:
roa table 65501 {
roa 1.2.3.0/24 max 32 as 65501;
}
function BGP_IN(*int peer_as*) {
if roa_check(*peer_as*, net, bgp_path.last) = ROA_INVALID then {
print "ROA check failed for ", net, " from ASN ",
bgp_path.last; return false;
}
if roa_check(*peer_as*, net, bgp_path.last) = ROA_UNKNOWN then {
print "ROA check failed: unallowed prefix - ", net, " origin
ASN ", bgp_path.last , " - AS-PATH", bgp_path , " via ", proto; return
false;
}
return true;
}
When I put the above lines in the configuration and try to reconfigure I
got the following error:
/root@rs2-lab:/usr/local/bird-new/etc# birdc c//
//BIRD 1.6.3 ready.//
//Reading configuration from /usr/local/bird-new/etc/bird.conf//
///usr/local/bird-new/etc/roa.conf, line 8: peer_as is not a ROA table/
It makes me think that such implementation is not possible or may be I'm
totally wrong or miss a bit something.
Thank you once again!
Best~
On 21.03.2018 15:40, Ondrej Zajicek wrote:
On Wed, Mar 21, 2018 at 12:45:54PM +0200, Javor Kliachev wrote:
Hello,
We have been using BIRD 1.6.3 on Ubuntu 16.04 as Route Server for a long
time.
Recently we decided to implement a ROA check filtration but we're
experiencing the daemon is crashing whenever
removing roa table from the file config even when the roa table is not
applied anywhere.
Hello
Is the issue fixed by this patch:
https://gitlab.labs.nic.cz/labs/bird/commit/0ff86d054efa8005c5df943acf6d2122781d3175
?
--
---
Javor Kliachev
Senior Engineer IP Services
office:+359 2 974 33 11
mobile:+359 885 98 84 95
www.neterra.net <http://www.neterra.net>
<https://bg.linkedin.com/pub/javor-kliachev/11/b46/843>
