Good evening,

I wonder if there's a good, full example about ROA with static protocol in BIRD 2. The following snippet is only for BIRD 1.x, right?

--- %< ---
roa table roa {
	roa 1.0.0.0/24 max 24 as 13335;
	# […]
}
--- %< ---

Based on various snippets and half examples on the Internet, I've currently made this:

--- %< /etc/bird.conf %< ---
# […]

roa4 table roa_v4;
roa6 table roa_v6;

include "/var/lib/rpki-client/bird2";

function reject_invalid_roa()
{
	if (force_roa_table_update > 0) then {
		if (net.type = NET_IP4) then {
			case roa_check(roa_v4, net, bgp_path.last) {
				ROA_INVALID: reject;
				# ROA_VALID:
				# ROA_UNKNOWN:
			}
		}

		if (net.type = NET_IP6) then {
			case roa_check(roa_v6, net, bgp_path.last) {
				ROA_INVALID: reject;
				# ROA_VALID:
				# ROA_UNKNOWN:
			}
		}
	}
}

# […]
--- %< /etc/bird.conf %< ---

Note that /var/lib/rpki-client/bird2 is generated on a regular basis.

--- %< /var/lib/rpki-client/bird2 %< ---
define force_roa_table_update = 1582237716;

protocol static {
	roa4 { table roa_v4; };

	route 1.0.0.0/24 max 24 as 13335;
	# […]
}

protocol static {
	roa6 { table roa_v6; };

	route 2001:200::/32 max 32 as 2500;
	# […]
}
--- %< /var/lib/rpki-client/bird2 %< ---

This however raises the following questions for me:

- Is this good style at all?
- Should "roa4 table roa_v4; roa6 table roa_v6;" be moved to the include?
- To cover IPv4 and IPv6, I need two different tables and two different static protocols, and there is no way using one table/channel, right?
- Is "define force_roa_table_update = 1582237716;" still needed with BIRD 2.0.7 to ensure proper revalidation?
- Some use "bgp_path.last_nonaggregated", some "bgp_path.last". Which is more suitable here?
- Is "birdc configure soft && birdc reload in all" the only/best way?

Regards,
Robert
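
An added example (not part of the original message, and not BIRD's own code): a Python model of the RFC 6811 origin-validation rule that BIRD's documentation describes for roa_check(), run over the two "route … max … as …" entries from the include file above. The function names, the extra test prefixes and AS 64500 are assumptions chosen for illustration.

```python
import ipaddress
from typing import NamedTuple

# Constructed sample: the two ROA entries quoted in the message above.
BIRD2_INCLUDE = """
protocol static {
    roa4 { table roa_v4; };
    route 1.0.0.0/24 max 24 as 13335;
}
protocol static {
    roa6 { table roa_v6; };
    route 2001:200::/32 max 32 as 2500;
}
"""

class Roa(NamedTuple):
    prefix: object   # ipaddress.IPv4Network or ipaddress.IPv6Network
    max_len: int
    asn: int

def parse_roa_routes(text):
    """Collect 'route <prefix> max <len> as <asn>;' lines, ignoring comments."""
    roas = []
    for line in text.splitlines():
        tok = line.split("#", 1)[0].replace(";", " ").split()
        if len(tok) == 6 and tok[0] == "route" and tok[2] == "max" and tok[4] == "as":
            roas.append(Roa(ipaddress.ip_network(tok[1]), int(tok[3]), int(tok[5])))
    return roas

def roa_check(roas, net, origin_asn):
    """RFC 6811: UNKNOWN if no ROA covers net, VALID if one covering ROA
    matches origin and max length, INVALID if covered but nothing matches."""
    net = ipaddress.ip_network(net)
    covered = False
    for roa in roas:
        # Only ROAs of the same address family whose prefix contains net count.
        if roa.prefix.version != net.version or not net.subnet_of(roa.prefix):
            continue
        covered = True
        if net.prefixlen <= roa.max_len and origin_asn == roa.asn:
            return "ROA_VALID"
    return "ROA_INVALID" if covered else "ROA_UNKNOWN"

if __name__ == "__main__":
    table = parse_roa_routes(BIRD2_INCLUDE)
    for net, asn in [("1.0.0.0/24", 13335), ("1.0.0.0/25", 13335),
                     ("1.0.0.0/24", 64500), ("192.0.2.0/24", 13335)]:
        print(net, asn, roa_check(table, net, asn))
```

A filter that rejects only ROA_INVALID, as in the configuration above, still accepts the ROA_UNKNOWN case, so prefixes with no covering ROA pass through.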