I think you have check for (0,3) ~ bgp_community when you piping
towards as3 peer. This:
export where bgp_out(2);
Looks like to be for piping towards as2 peer. And this filter should
pass such communities of course.
On Mon, Apr 6, 2020 at 10:32 PM Fabiano D'Agostino
<fabiano.dagostin...@gmail.com> wrote:
>
> Thank you I was able to solve in this way:
> My testing network is made up of router server (as1), router2(as2), router3
> (as3).
> The goal: as2's routes don't have to be announced to as3
> route server conf:
> function bgp_out(int peerID)
> {
> if(0,peerID) ~ bgp_community then return false;
> return true;
> }
> protocol pipe as2 {
> import something;
> export where bgp_out(2);
> }
> protocol bgp { ipv4 {import/export all;}}
>
> router2 config:
> protocol bgp {
> ipv4 {
> import all;
> export filter {bgp_community.add((0,3)); };
> }
> }
>
> With this configuration AS3 doesn't receive AS2's routes anymore. But I have
> a question, why the if condition is true? It should be if (0,2) ~ (is inside)
> [(0,3),..], isn't it?
>
> Thanks,
>
> Il giorno lun 6 apr 2020 alle ore 21:06 Alexander Zubkov <gr...@qrator.net>
> ha scritto:
>>
>> You have to configure export filter with something like:
>> bgp_community.add((x,y));
>> This is for community written as x:y on most hardware routers.
>>
>> On Mon, Apr 6, 2020 at 8:57 PM Fabiano D'Agostino
>> <fabiano.dagostin...@gmail.com> wrote:
>> >
>> > Thanks for your helping,
>> > How do I set in my router (AS2) the community to the exported routes? I
>> > don't understand this.
>> >
>> >
>> >
>> > Il giorno lun 6 apr 2020 alle ore 20:26 Alexander Zubkov
>> > <gr...@qrator.net> ha scritto:
>> >>
>> >> OK. So you have some route x.x.x.x/y that you receive from AS2 by
>> >> protocol bgp pb_0002_as2?
>> >>
>> >> 1) it is received via bgp pb_0002_as2 into table t_0002_as2
>> >> 2) it is piped from table t_0002_as2 to master4 with filter
>> >> f_export_to_master (missing in your config)
>> >> 3) it is piped from table master4 to t_0005_as3 with filter where
>> >> ixp_community_filter(3) (ixp_community_filter is also missing)
>> >> 4) it is exported to bgp pb_0005_as3
>> >>
>> >> At which point do you think it should be filtered and why?
>> >> As I see, your routers (AS2) do not set any communities to the
>> >> exported routes, so if you do not set them in any of those missing
>> >> filters, then your check for the presence of the community will not
>> >> fire.
>> >>
>> >> On Mon, Apr 6, 2020 at 7:03 PM Fabiano D'Agostino
>> >> <fabiano.dagostin...@gmail.com> wrote:
>> >> >
>> >> > This is the bird.conf of the route server:
>> >> > https://pastebin.com/qwp6nBtz
>> >> > This is the bird.conf of one router:
>> >> > https://pastebin.com/trwgKG92
>> >> >
>> >> > Why does AS3 still receive routes from AS2? What am I missing?
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Il giorno lun 6 apr 2020 alle ore 18:13 Alexander Zubkov
>> >> > <gr...@qrator.net> ha scritto:
>> >> >>
>> >> >> It is really hard to guess what routes you have actually in your
>> >> >> bird's table and how your bird is configured.
>> >> >>
>> >> >> > I just edited the bird.conf of the route server, should I also edit
>> >> >> > the bird.conf of the routers which are peering with the route server?
>> >> >>
>> >> >> Filters on peers can affect only communities you are sending and other
>> >> >> attributes, but they do not affect directly the logic of your route
>> >> >> server's filters, there is no magic here.
>> >> >>
>> >> >> On Mon, Apr 6, 2020 at 6:08 PM Fabiano D'Agostino
>> >> >> <fabiano.dagostin...@gmail.com> wrote:
>> >> >> >
>> >> >> > Does 'show route where' exist as command? Because I have syntax
>> >> >> > error.
>> >> >> > Anyway I set up my route server as here:
>> >> >> > https://www.slideshare.net/apnic/bird-routing-daemon
>> >> >> > But I am having the problem described here:
>> >> >> > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
>> >> >> >
>> >> >> > I just edited the bird.conf of the route server, should I also edit
>> >> >> > the bird.conf of the routers which are peering with the route server?
>> >> >> >
>> >> >> > Thanks,
>> >> >> >
>> >> >> > Il giorno lun 6 apr 2020 alle ore 17:50 Alexander Zubkov
>> >> >> > <gr...@qrator.net> ha scritto:
>> >> >> >>
>> >> >> >> Have you tried to check that in cli like:
>> >> >> >> show route where bgp_out(...)
>> >> >> >> And check that required route has all needed communities:
>> >> >> >> show route all x.x.x.x/y
>> >> >> >>
>> >> >> >> On Mon, Apr 6, 2020 at 5:35 PM Fabiano D'Agostino
>> >> >> >> <fabiano.dagostin...@gmail.com> wrote:
>> >> >> >> >
>> >> >> >> > Hey,
>> >> >> >> > thank you! I think I am having the same problem they had here:
>> >> >> >> > https://bird.network.cz/pipermail/bird-users/2010-September/001620.html
>> >> >> >> >
>> >> >> >> > But I didn't understand how they solved.
>> >> >> >> >
>> >> >> >> > Regards,
>> >> >> >> > Fabiano
>> >> >> >> >
>> >> >> >> > Il giorno lun 6 apr 2020 alle ore 17:16 Cybertinus
>> >> >> >> > <b...@cybertinus.nl> ha scritto:
>> >> >> >> >>
>> >> >> >> >> Hello Fabiano,
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> BGP Communities are basically tags you add to a prefix that is
>> >> >> >> >> received from, or send to, a peer. And in Bird you can do
>> >> >> >> >> whatever you want with these communities. A community by itself
>> >> >> >> >> has no meaning and has no influence on the routing decision
>> >> >> >> >> whatsoever. It is the meaning you add to it in your
>> >> >> >> >> configuration what makes them work.
>> >> >> >> >>
>> >> >> >> >> More information about communities:
>> >> >> >> >> https://en.wikipedia.org/wiki/Border_Gateway_Protocol#Communities
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> Kind regards,
>> >> >> >> >> Cybertinus
>> >> >> >> >>
>> >> >> >> >>
>> >> >> >> >> On 2020-04-06 17:03, Fabiano D'Agostino wrote:
>> >> >> >> >>
>> >> >> >> >> and how these kind of checks are handled?
>> >> >> >> >> if (myas,peeras) ~ bgp_community what is bgp_community?
>> >> >> >> >>
>> >> >> >> >> Thanks,
>> >> >> >> >>
>> >> >> >> >> Il giorno lun 6 apr 2020 alle ore 15:32 Fabiano D'Agostino
>> >> >> >> >> <fabiano.dagostin...@gmail.com> ha scritto:
>> >> >> >> >>
>> >> >> >> >> Thank you, but "if the route does not come from BGP then false"
>> >> >> >> >> here I have:
>> >> >> >> >> protocol pipe a {
>> >> >> >> >> table master;
>> >> >> >> >> mode transparent;
>> >> >> >> >> peer table a;
>> >> >> >> >> import all;
>> >> >> >> >> export where bgp_out(x); => this becomes false, what does
>> >> >> >> >> this mean?
>> >> >> >> >> #export all;
>> >> >> >> >> }
>> >> >> >> >>
>> >> >> >> >> Thanks,
>> >> >> >> >>
>> >> >> >> >> Il giorno lun 6 apr 2020 alle ore 10:50 Bernd Naumann
>> >> >> >> >> <b...@spreadshirt.net> ha scritto:
>> >> >> >> >>
>> >> >> >> >> On 05.04.20 23:08, Fabiano D'Agostino wrote:
>> >> >> >> >> > Good evening,
>> >> >> >> >> > could someone explain me the meaning of these lines?
>> >> >> >> >> >
>> >> >> >> >> > function bgp_out(int peeras)
>> >> >> >> >> > {
>> >> >> >> >> > if ! (source = RTS_BGP ) then return false;
>> >> >> >> >> > if peeras > 65535 then return true; ### communities do not
>> >> >> >> >> > support AS32
>> >> >> >> >> > if (0,peeras) ~ bgp_community then return false;
>> >> >> >> >> > if (myas,peeras) ~ bgp_community then return true;
>> >> >> >> >> > if (0, myas) ~ bgp_community then return false;
>> >> >> >> >> > return true;
>> >> >> >> >> > }
>> >> >> >> >> >
>> >> >> >> >> > Thanks,
>> >> >> >> >> >
>> >> >> >> >> > Fabiano
>> >> >> >> >> >
>> >> >> >> >>
>> >> >> >> >> Morning,
>> >> >> >> >>
>> >> >> >> >> I can not cover the whole section but as a start...
>> >> >> >> >>
>> >> >> >> >> * if the route does not come from BGP then false (routing table
>> >> >> >> >> source?)
>> >> >> >> >> * if the remote AS Number is greater 65535 (16 Bit) then "just"
>> >> >> >> >> return
>> >> >> >> >> true (see AS 32 Bit Numbers, and the non-support of older
>> >> >> >> >> devices/implementations)
>> >> >> >> >> * For the next 3 I'm not 100% sure how to read but I found
>> >> >> >> >> https://bird-users.network.narkive.com/3uDbo6H9/any-ix-willing-to-share-their-config
>> >> >> >> >>
>> >> >> >> >> ```
>> >> >> >> >> 0:XXXXX - Do not announce route to peer XXXXX
>> >> >> >> >> 0:MyASN - Do not announce route to all peers
>> >> >> >> >> MyASN:XXXXX - Announce route to peer XXXXX only
>> >> >> >> >> MyASN:MyASN - Announce routes to all peers. This community is
>> >> >> >> >> automatically added to all routes that are not
>> >> >> >> >> tagged with any of MyASN:XXXXX communities.
>> >> >> >> >> ```
>> >> >> >> >>
>> >> >> >> >> Maybe this helps a little bit.
>> >> >> >> >>
>> >> >> >> >> Bernd
