On Thu, Jun 16, 2011 at 03:45:15PM -0300, Christian Lyra wrote:
> Hi all,
>
> I'm testing OpenBGPD on a route-server/IX topology. My testing case
> has one Route Server (RS), 3 AS (AS1, AS2, AS3) and a fourth client AS
> (AS4) connected to AS2 and AS3. The following "ascii" figure shows the
> topology:
>
>                    RS
>   -----------------------------------
>   |                |                |
>  AS1              AS2              AS3
>                    |                |
>                    -----------------
>                            |
>                           AS4
>
> Each AS announces two /17 prefixes. AS4 announces its two prefixes with
> a prepend to AS3, and with no prepend to AS2. In this case, the RS RIB
> is shown below:
>
> flags destination      gateway       lpref   med aspath origin
> *>    10.1.0.0/17      x.x.x..AS1      100     0 1 i
> *>    10.1.128.0/17    x.x.x.x.AS1     100     0 1 i
> *>    10.2.0.0/17      x.x.x.x.AS2     100     0 2 i
> *>    10.2.128.0/17    x.x.x.x.AS2     100     0 2 i
> *>    10.3.0.0/17      x.x.x.x.AS3     100     0 3 i
> *>    10.3.128.0/17    x.x.x.x.AS3     100     0 3 i
> *>    10.4.0.0/17      x.x.x.x.AS2     100     0 2 4 i
> *     10.4.0.0/17      x.x.x.x.AS3     100     0 3 4 4 i
> *>    10.4.128.0/17    x.x.x.x.AS2     100     0 2 4 i
> *     10.4.128.0/17    x.x.x.AS3       100     0 3 4 4 i
>
> Since BGP exports only the best routes, AS1 learns the AS4 prefixes
> with AS2 being the gateway (as expected...). RS configuration is shown
> below:
>
> peer1="x.x.x.as1"
> peer2="x.x.x.as2"
> peer3="x.x.x.as3"
> ASN="65000"
>
> AS $ASN
> router-id x.x.x.rs
> fib-update no
> transparent-as yes
> nexthop qualify via bgp
>
> group "RS" {
>         neighbor $peer1 {
>                 descr "AS1"
>                 remote-as 1
>                 announce all
>         }
>         neighbor $peer2 {
>                 descr "AS2"
>                 remote-as 2
>                 announce all
>         }
>         neighbor $peer3 {
>                 descr "AS3"
>                 remote-as 3
>                 announce all
>         }
> }
>
> match from any set community $ASN:neighbor-as
>
> So far, so good. Now, let's change the rules and make AS1 no longer
> exchange traffic with AS2 (and vice-versa). If we just made this by
> using filters denying AS1<->AS2 updates, then AS1 will never learn the
> prefixes of AS4 thru AS3. This hidden prefix problem is better
> explained here [1]. Quagga and Bird [2] deal with this problem by
> using a per AS RIB, so the filter is applied on the input of each RIB,
> before the path selection process.

OpenBGPD supports per AS RIB as well. AmsIX is using this feature AFAIK.
At least I implemented it for and together with AmsIX.

> I tried a few solutions and none worked. First, I tried to use the
> "route-collector yes" option. Documentation said that this should
> disable the path selection, and I thought that openbgpd would export
> all routes to clients leaving to them the work of selecting routes.
> But route selection still occurs, at least when exporting, so, it
> didn't work as I would like. I added the following lines to
> configuration:
>
> route-collector yes
> deny to $peer1 community $ASN:2
> deny to $peer2 community $ASN:1

Nah, route-collector will not make you happy. This is a hack that will
skip a lot of more complex operations (IIRC it even skips part of the
filters).

> I also saw in docs that it's possible to create a table and disable
> the route selection, so my next try was to create such a table, and
> configure all peers to use that table:
>
> rde rib allroutes no evaluate
>
> and adding a "rib allroutes" to each peer config. But this didn't
> work either, in fact, no route was exported.

Hmm. I'm not sure for what I did the "no evaluate" mode. But you need the
decision process in any case since without it no route will be selected to
be exported.

> My last try was creating a RIB for each peer:
>
> rde rib toAS1
> rde rib toAS2
> rde rib toAS3
>
> As I understood from docs, I may apply a rule to one rib, like this:
>
> deny to $peer1 community $ASN:2 rib toAS1
>
> But openbgpd complains about such line. Does anyone know how to solve this?

The correct syntax is:

	deny rib toAS1 to $peer1 community $ASN:2

But the above rule does not make much sense. I think you want something
like:

	deny rib toAS1 from $peer2 community $ASN:2

Since you need to filter prefixes going into the per-peer RIB and not
filter the selected prefix being sent out. You need to filter incoming
prefixes on a per RIB basis.

-- 
:wq Claudio
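
The hidden-prefix effect discussed in this thread, as an added example that is not part of the original message and is not OpenBGPD code: a simplified Python model comparing a filter applied after best-path selection in one shared RIB with a filter applied on input to a per-peer RIB, using the routes from the quoted RIB listing. The function names and the decision process (shortest AS path, then lowest peer AS) are assumptions made for illustration.

```python
# Constructed sample: the routes from the thread's RIB listing,
# as (prefix, announcing peer AS, AS path).
ROUTES = [
    ("10.1.0.0/17", 1, (1,)), ("10.1.128.0/17", 1, (1,)),
    ("10.2.0.0/17", 2, (2,)), ("10.2.128.0/17", 2, (2,)),
    ("10.3.0.0/17", 3, (3,)), ("10.3.128.0/17", 3, (3,)),
    ("10.4.0.0/17", 2, (2, 4)), ("10.4.0.0/17", 3, (3, 4, 4)),
    ("10.4.128.0/17", 2, (2, 4)), ("10.4.128.0/17", 3, (3, 4, 4)),
]
# Policy from the thread: AS1 and AS2 no longer exchange routes.
BLOCKED = {1: {2}, 2: {1}, 3: set()}


def best_paths(routes):
    """Simplified decision process (assumption): shortest AS path wins,
    lowest announcing peer AS breaks ties."""
    best = {}
    for prefix, peer, path in routes:
        cur = best.get(prefix)
        if cur is None or (len(path), peer) < (len(cur[1]), cur[0]):
            best[prefix] = (peer, path)
    return best


def export_single_rib(client):
    """One shared RIB: select best paths first, then filter on export."""
    return {prefix: path
            for prefix, (peer, path) in best_paths(ROUTES).items()
            if peer != client and peer not in BLOCKED[client]}


def export_per_peer_rib(client):
    """Per-peer RIB: filter what enters the client's RIB, then select."""
    allowed = [r for r in ROUTES
               if r[1] != client and r[1] not in BLOCKED[client]]
    return {prefix: path for prefix, (_, path) in best_paths(allowed).items()}


if __name__ == "__main__":
    for name, fn in (("single RIB", export_single_rib),
                     ("per-peer RIB", export_per_peer_rib)):
        print(name, "-> AS1:")
        for prefix, path in sorted(fn(1).items()):
            print("   ", prefix, "via", " ".join(map(str, path)))
```

With the shared RIB, AS1 receives only the AS3 prefixes because the best path for the AS4 prefixes points at AS2 and is dropped on export; with the per-peer RIB the AS2 routes never enter the selection, so the path through AS3 is chosen.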