I use a mixture of BGP communities and prefix lists and it scales very well for me.

Rgds Peter,
Sent from my Asus Transformer Pad

On Dec 12, 2012 3:24 AM, "Dan Luedtke" <[email protected]> wrote:
> Hi NANOGers,
>
> tl;dr What is the best practice for filtering a large number of
> prefixes at an internet exchange?
>
> Yesterday I ran into problems while writing new filtering rules for
> my peerings at a local Exchange. My workflow probably has a flaw,
> although it works fine for IPv6 (well, fewer prefixes there).
>
> After the physical link was set up I started a BGP session with the
> route server of the exchange. A few minutes later some other AS
> imported my prefix, e.g. those listed at HE[1]. I guess they filtered
> "less strict" :)
> The next day the exchange's route server administrator added my AS-SET
> to the AS-SET of the route server.
>
> --- snip RIPE DB ---
> as-set: AS-KLEYREX-RS1
> descr: KleyReX Internet Exchange Frankfurt
> [...]
> members: AS-NONATTACHED
> --- snap ---
>
> A few days have passed since then but the number of peers has not
> increased as expected. Is this normal?
> My mp-* entries look like this:
>
> --- snip RIPE DB ---
> aut-num: AS57821
> as-name: NONATTACHED-AS
> [...]
> mp-import: afi ipv4.unicast from AS31142 accept AS-KLEYREX-RS1
> mp-export: afi ipv4.unicast to AS31142 announce AS-NONATTACHED
> --- snap ---
>
> Yesterday I thought about importing the route server's prefixes and, of
> course, to filter them. Using rtconfig[2] I created a filter for BIRD[3]
> like this:
>
> --- snip bird.conf ---
> if (prefix_too_long()) then reject;
> @rtconfig printPrefixes "if (net ~ [ %p/%l+ ]) then accept;\n" filter
> AS-KLEYREX-RS1 reject;
> --- snap ---
>
> This takes about 10-20 minutes and results in a very large config file
> consisting of hundreds of prefixes in IPv4. The same config file for
> IPv6 would be smaller. However, legacy protocol IPv4 is not yet dead so
> I need to filter it somehow. BIRD sometimes segfaults when it is
> advised to read those large filters.
>
> So, here's the question: How do you filter at exchanges?
> Where is the error in my workflow?
> Is strict route filtering a myth?
>
>
> Thanks for helping!
>
>
> Dan
>
> [1] http://bgp.he.net/AS57821#_peers
> [2] http://irrtoolset.isc.org/wiki/RtConfig
> [3] http://bird.network.cz
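
The rtconfig template quoted above writes one `if (net ~ [ %p/%l+ ]) then accept;` statement per prefix. The sketch below is an added example, not part of the thread and not code from rtconfig or BIRD: it renders the same accept list as a single prefix-set literal and drops entries already covered by a shorter `+` pattern. It assumes the AS-SET has already been expanded to a prefix list (the sample list is constructed), the filter name `rs_import_v4` is hypothetical, and `prefix_too_long()` is the poster's own function defined elsewhere in bird.conf.

```python
import ipaddress

# Constructed sample (documentation ranges), standing in for the prefixes
# expanded from an AS-SET such as AS-KLEYREX-RS1.
SAMPLE = ["192.0.2.0/24", "192.0.2.128/25", "198.51.100.0/25",
          "198.51.100.128/25", "203.0.113.0/24", "203.0.113.0/24"]

def drop_covered(prefixes):
    """Drop duplicates and prefixes covered by a shorter one in the list.

    With the `+` modifier a pattern matches the prefix and all its
    more-specifics, so a covered entry is redundant. Adjacent siblings are
    NOT merged: two /25+ patterns do not match the /24, a merged /24+ would.
    """
    nets = {ipaddress.ip_network(p, strict=True) for p in prefixes}
    if len({n.version for n in nets}) > 1:
        raise ValueError("one address family per filter")
    kept = []
    # A covering prefix sorts directly before the prefixes it contains.
    for net in sorted(nets, key=lambda n: (int(n.network_address), n.prefixlen)):
        if kept and net.subnet_of(kept[-1]):
            continue
        kept.append(net)
    return kept

def bird_filter(name, prefixes, per_line=4):
    """Render a BIRD filter with one prefix-set literal for all prefixes."""
    items = [f"{n}+" for n in drop_covered(prefixes)]
    if not items:
        return f"filter {name} {{\n  reject;\n}}\n"
    rows = [", ".join(items[i:i + per_line])
            for i in range(0, len(items), per_line)]
    body = ",\n    ".join(rows)
    return (f"filter {name} {{\n"
            "  if (prefix_too_long()) then reject;\n"
            f"  if (net ~ [\n    {body}\n  ]) then accept;\n"
            "  reject;\n}\n")

if __name__ == "__main__":
    print(bird_filter("rs_import_v4", SAMPLE))
```

Sibling prefixes are left unmerged on purpose, so the generated filter accepts exactly what the per-prefix statements would have accepted and nothing shorter.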

