Yes, I just enabled it:
protocol bgp {
...
ipv4{
import keep fitlered;
import limit 250 action restart;
import filter filter_rpki;
table t_0002_as2;
}
}
RPKI is working because if I check the syslog I find the invalid printed
prefixes, but 'show route all filtered' doesn't show anything.
Il giorno lun 20 apr 2020 alle ore 14:05 Maria Matejka <maria.mate...@nic.cz>
ha scritto:
> And do you have
> import keep filtered;
> in your config?
> Maria
>
> On 4/20/20 11:19 AM, Fabiano D'Agostino wrote:
> > Hi,
> > In my route server bird.conf I did this:
> > define FILTERED_RPKI_INVALID = (1,1101,13);
> >
> > filter filter_rpki{
> > if roa_check(..)=ROA_INVALID then
> > {bgp_large_community.add(FILTERED_RPKI_INVALID);reject;}
> > }
> >
> > But when I do 'show route all filtered' I get nothing, I also tried with
> > 'show route bgp_large_community ~ [(1,1101,13)]' and I have the same
> result.
> > Because I would like to have some statistics about
> > VALID/INVALID/UNKOWN prefixes and I saw that I could use the 'show route
> > stats' command.
> >
> > Thanks,
> >
> > Fabiano
> >
> > Il giorno dom 19 apr 2020 alle ore 21:30 Alarig Le Lay
> > <ala...@swordarmor.fr <mailto:ala...@swordarmor.fr>> ha scritto:
> >
> > On Sun 19 Apr 2020 20:42:21 GMT, Fabiano D'Agostino wrote:
> > > Thanks!
> > > But can I also use birdc to check rejected prefixes?
> >
> > If you add a community, it will be visible with `show route all
> > filtered`
> >
> > > Anyway why do you suggest to use bgp_path.last_noaggregated?
> >
> > Because you don’t want to check ROA against another ASN in the
> > aggregated path.
> >
> > --
> > Alarig
> >
>
